Specialist Computer Centres plc

OFFICIAL/OFFICIAL Sensitive Infrastructure as a Service (IaaS) - Silver Service - Sentinel by SCC

Sentinel, by Specialist Computer Centres (SCC), Infrastructure as a Service (IaaS) keeps data secure to NCSC (previously CESG) security standards (including OFFICIAL and OFFICIAL Sensitive). PSN and Cyber Essentials Plus (CE +) Certified. PSN / GCF Connectivity. The first to be Pan-Government Accredited multi-tenanted Infrastructure as a Service(IaaS) cloud solution.

Features

  • Multiple secure network connections and services (inc PSN & GCF)
  • Service Delivery Management
  • Secure Compute - Infrastructure-as-a-Service (IaaS), Storage and Backup
  • Secure network interconnect capability to HSCN, PNN, CJX and RLI
  • AV, Patching, Monitoring, Base OS Management, security monitoring, DR management
  • Dedicated physical machines available
  • Optional PSN; DNS Resolver and Secure Internet Gateway (SIG)
  • ISO 27001, ISO 9001, ISO 14001, ISO 20000 quality standards
  • Delivered by UK based Security Cleared (SC) staff
  • Replacement OFFICIAL GCF services

Benefits

  • PSN OFFICIAL certified, Network, Compute, Back-Up and Storage Platform
  • Pay as you go compute model (IaaS) providing flexible environments
  • Pre-sized machine offerings with incremental, customised sizing options available
  • Multiple Operating Systems supported (Windows Server and RedHat Enterprise)
  • hree pre-defined service models available for environments-Bronze, Silver and Gold
  • GPG 13 Compliant (DETER) platform
  • Connect available via the Internet, PSN Government Networks or more
  • Single and dual site options provide two levels of availability
  • Built upon industry standard components and services
  • Cyber Essentials Plus (CE +) security accreditation

Pricing

£0.12 per virtual machine per hour

Service documents

Framework

G-Cloud 11

Service ID

4 3 9 6 7 1 6 1 0 9 9 8 9 4 7

Contact

Specialist Computer Centres plc

Mike Nelson

07976-014269

gcloud@scc.com

Service scope

Service constraints
Maximum standard vCPU of 12
Maximum standard RAM of 64GB
Maintenance window between the hours of 23:00 and 06:00
VMs shall be decommissioned via change control
Support (if included) up to base OS only
MACs via SCC service request process
Further constraints given in Service Definition
System requirements
  • Connect via an approved network connection
  • Meet the requirements of the associated Code of Connections

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Priority Response 1 - 30 mins, Priority Response 2 - 60 mins, Priority Response 3 - 4 Hrs Priority Response 4 - 72 Hrs Support is available up to 24/7
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Three pre-defined service models. Bronze – our rawest infrastructure service ideal for development or PoC exercises. Silver – a customisable menu of services allowing customers to pick and choose what they’d like. Gold – a fully managed and monitored secure Infrastructure service up to and including the OS.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
All new customer opportunities are run as a project, as part of this there is a discovery and transition phase which help identify the customer requirements and bring them into the service. Transition, Project and Service Delivery Managers are also assigned to assist customer into the service.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The virtual machine file, together with the configuration files shall be supplied to the Customer using either encrypted media as appropriate. SCC will then destroy all live and backup copies of the virtual machine file and data within our control in line with NCSC guidelines and provide written.
End-of-contract process
SCC will work with the Customer to create an exit plan and strategy within 3 months of the start of service. This is included in the price of the contract. The exit plan will define what happens at the end of the contract.

Using the service

Web browser interface
Yes
Using the web interface
The Self Service portal enables users to request new items such as virtual machines, applications and networks. Users can also fully manage their assets from the portal, including power cycle functions, adding and removing resources, re-provisioning and decommissioning, with role based access determining which functions a user has access to.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Web interface accessible via Sentinel approved secure network connections and devices. This includes the PSN and Internet via Sentinel RAS offering.
Web interface accessibility testing
None
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
QoS policies in place to ensure secure segregation is in place. All customers and their users must agree to the Acceptable Usage Policy.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
Reporting types
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • VM-level backup&restore with agent based individual file restore capabilities
  • Per GB per month with application aware backups available
  • Examples include Exchange, SQL, SharePoint, ActiveDirectory
Backup controls
Via change control and SCC service desk
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Separate management platform for accessing Customers. Management platform utilising firewalling and proxy layers to access Customers. Proxy layer contains different jumpboxes to access different management domains, which present different access methods to and from Customers. Customer tenancy severs require backend private VLAN interfaces for SCC Sentinel Management access and logging.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
IPS, Use of secure protocols TLS,SSH for services where possible, Private VLAN's to isolate Customer environments

Availability and resilience

Guaranteed availability
Offering two availability levels (SLAs), 99.90% (single site) and 99.95% (dual site) for all VM components - compute, storage and network.
Approach to resilience
SCC’s Sentinel platform is housed within Tier 3+ data centres delivering resiliency at all levels of the infrastructure, providing a stable, reliable infrastructure platform. To offer additional levels of availability SCC provide the option for a dual site implementation, utilising SCC’s secondary Data Centre as a cold standby facility.
Outage reporting
Monitoring with SCC toolsets

Identity and authentication

User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Number of different methods that a user can access the estate including Government network (PSN-A and PSN-P), a PSN Assured 2-factor authentication Remote Access Service, and a PSN Assured site-to-site VPN Service.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
LRQA
ISO/IEC 27001 accreditation date
01/07/2017
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • PSN Assurance
  • Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
All our security policies are aligned to and certified to ISO 27001:2013. All policies are reviewed annually for relevance and accuracy and to ensure the policies are up to date with technology and current legislation and signed off by the SIRO.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
The configuration and change management process is documented and described in the SCC Sentinel Change Management Process document. The various types of changes are defined and detailed, the risks and impacts defined, roles and responsibilities are defined and the CAB process is detailed.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
SCC's vulnerability scanning and penetration testing policy documents the process and how vulnerabilities are proactively detected and remediated in a timely fashion. SCC performs monthly vulnerabilities across the Sentinel platform covering approximately 20% of the platform each month, ensuring the whole platform is covered twice within a 12 month period.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Protective monitoring is carried out in accordance with GPG 13 to level B (Deter)
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
All our incident management processes are aligned to and certified to ISO 27001:2013 as defined in HMG Cloud Security Guidance: Standards and Definitions

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
The service is built upon industry standard components and services ensuring segregation of customers. The entire platform inclusive of hardware, software and network is PSN accredited for a multi-tenanted environment and we are an accredited PSN Service Provider (PSNSP).

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Our data centre's are managed in accordance with our ISO 14001 accreditation and therefore part of our Environmental and Sustainability process and procedures.

Pricing

Price
£0.12 per virtual machine per hour
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑