Perform Partners

AWS Management (Amazon Web Services)

Fully managed Amazon Web Services (AWS) service. All the features and benefits of an AWS solution managed and supported by fully AWS accredited technicians and consultants. Collaborative and bespoke specifications to suit your managed AWS environment supported 24 x 7.

Features

  • AWS procured and managed on your behalf
  • AWS Storage & Content delivery
  • AWS Databases
  • AWS Deployment & Management
  • AWS Configuration Management
  • AWS Serverless
  • AWS Workspaces
  • AWS Security
  • AWS Containers

Benefits

  • Outstanding service levels and support
  • Monitored and supported 24/7/365
  • Full integration of AWS Services
  • Access to AWS experts
  • Pay for what you use
  • Automatic scalability

Pricing

£390 a unit a day

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@perform-partners.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

4 7 9 2 0 5 5 7 5 3 5 0 9 0 1

Contact

Perform Partners Procurement
Telephone: 01134266810
Email: info@perform-partners.com

Service scope

Service constraints
None
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times as agreed with the client. We support business hours, heightened support and 24x7x365 services
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Onsite support
Support levels
We support 24x7x365 services, with a range of SLAs to meet client needs.

Our support teams respond to alerts and act to ensure that your services are operating effectively every second of the day. Our approach to Account Management is to provide a value added service to our customers. The Account Manager’s main role is to understand the core objectives of our clients’ businesses and ensure the services we are providing continually support the achievement of their goals.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Onboarding service with supported online training and supporting user documentation.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
We use best in class cloud infrastructure, configuration management and code management tools, and cloud based knowledgebase services. These can be hosted either on client instances, or our own, and can be easily handed back to clients or other third parties during service transition.
End-of-contract process
We factor a transition period into the service operation costs, assumed to be in the last 3-6 months of the contract. Service transition and handover is part of service operation. We would build the project delivery elements into the delivery backlog of the managed service team. Additional costs could be incurred if a client requires resources over and above the original agreed team size, and will be provided on a Time and Materials basis to a pre-agreed rate card - however, this will only be required if delivery or operational activities over and above that of the service team are requested specifically by the client.

Using the service

Web browser interface
Yes
Using the web interface
Documented here https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/getting-started.html?id=docs_gateway
Web interface accessibility standard
WCAG 2.1 AAA
Web interface accessibility testing
No additional testing ourselves.
API
Yes
What users can and can't do using the API
All AWS services can be configured via API, one such example is https://docs.aws.amazon.com/AmazonECR/latest/APIReference/Welcome.html
API automation tools
  • Ansible
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Anything possible in AWS CLI as documented here https://docs.aws.amazon.com/cli/index.html

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
We use either our clients' or our own cloud service accounts, with no contention from other users or services.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Amazon Web Services

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Databases
Backup controls
Backups will be performed and scheduled by the team. Requests for backups over and above those defined during the service design will be Service Requests (costs included in the service team operational cost).
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
SLAs range from 99.5% to 99.9% service availability. We have a client-specific service credit approach defined during service setup definition and negotiations.

Well-architected solutions on AWS that leverage AWS Service SLA’s and unique AWS capabilities such as multiple Availability Zones, can ease the burden of achieving specific SLA requirements.
Approach to resilience
Available on request.
Outage reporting
Public dashboard; personalised dashboard with API and events; configurable alerting (email / SMS / messaging) as well as hooks into tools such as Service Now and Pager Duty as required by our clients.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access is restricted by use of best in class authentication and identification processes as required by the client. All internal systems access is supported by 2-factor authentication, Public key authentication (including by TLS client certificate), and Identity federation with existing provider where relevant.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
United Registrar of Systems Ltd
ISO/IEC 27001 accreditation date
2020
What the ISO/IEC 27001 doesn’t cover
N/A
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
We ensure that all of our consultants comply with our policies on induction and on an annual refresh.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We offer and design Configuration and Change Management processes that meet exacting client requirements in secure and sensitive, compliance-driven environments.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We offer and design Vulnerability Management processes that meet exacting client requirements in secure and sensitive, compliance-driven environments, using best in class threat definition resources internally and externally.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We offer and design Protective Monitoring processes that meet exacting client requirements in secure and sensitive, compliance-driven environments. We can integrate with client or third party SOC services, which form part of service evolution, protection and incident management.
Incident management type
Supplier-defined controls
Incident management approach
We offer and design Incident Management processes that meet exacting client requirements in secure and sensitive, compliance-driven environments, in line with specific client objectives. Incident reports are provided to an agreed schedule and timeline, and are also automated by the toolsets we integrate with. Incidents can be reported using tools such as Service Now or Pager Duty, or via Service processes (client Service Management teams directly contacting our service teams).

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
VMware
Hyper-V
AWS proprietary
How shared infrastructure is kept separate
Customer environments are logically segregated, preventing users and customers from accessing unassigned resources. Customers maintain full control over their data access. Services which provide virtualized operational environments to customers, ensure that customers are segregated and prevent cross-tenant privilege escalation and information disclosure via hypervisors and instance isolation.

Different instances running on the same physical machine are isolated from each other via the Xen hypervisor. The Amazon EC2 firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface. All packets pass through this layer. The physical random-access memory (RAM) is separated using similar mechanisms.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
AWS is committed to running our business in the most environmentally friendly way possible. In addition to the environmental benefits inherently associated with running applications in the cloud, AWS has a long-term commitment to achieve 100% renewable energy usage for our global infrastructure footprint. We’ve made a lot of progress on this commitment. In January 2018, AWS achieved 50% renewable energy usage.

To date, we have announced nine new renewable energy projects (three wind farms and six solar farms), and these projects will deliver a total of 2 million MWh of energy annually onto the electric grid powering AWS data centers located in the AWS US East (Ohio) and AWS US East (N. Virginia) Regions. The electricity produced from these projects is enough to power the equivalent of over 190,000 U.S. homes annually, which is approximately the size of the city of Atlanta, Georgia.
More information is available on the AWS and Sustainability page.

AWS introduced its first carbon-neutral region in 2011. Today, AWS offers customers five AWS Regions that are carbon-neutral:

• US West (Oregon)
• AWS GovCloud (US-West)
• EU (Frankfurt)
• EU (Ireland)
• Canada (Central)

Pricing

Price
£390 a unit a day
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@perform-partners.com. Tell them what format you need. It will help if you say what assistive technology you use.