Xpertex

YourCloud

A private cloud solution for any customers with legal requirements to hold your data/services in the cloud but with the knowledge of where your data is held at all times.

Features

  • Private Cloud
  • Technially advanced

Benefits

  • Private Cloud
  • Managed by a small provider who cares
  • Resilient services across multiple UK locations

Pricing

£1 per virtual machine per month

  • Education pricing available

Service documents

G-Cloud 9

490805067130750

Xpertex

Marcus Trott

08450341412

marcus.trott@xpertex.co.uk

Service scope

Service scope
Service constraints None
System requirements
  • All services will be designed and managed for your requirements
  • Services will be supported on an ongoing basis by Xpertex

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 1 hour response
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Yes, at an extra cost
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard None or don’t know
How the web chat support is accessible Our support team use Skype for Business (Lync) and can be contacted during normal business hours.
Web chat accessibility testing None
Onsite support Yes, at extra cost
Support levels Our support services are customised for each customer. Platinum, Gold and Silver services alter based on each customer requirements. Onsite and Offsite presence can be delivered with dedicated/part time account manager offered where appropriate.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started All services are defined and documented up-front but initial meeting are conducted to define the customer requirements and delivered against these requirements. Onsite/Online Training and documentation can be provided when required.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction This will be provided to the user on exportable media.
End-of-contract process Services stop at the end of the contract. There is an expectation that all data/services have been migrated away (to another service) before the end of contract date.

Using the service

Using the service
Web browser interface No
API No
Command line interface No

Scaling

Scaling
Scaling available No
Independence of resources By the use of Quotas. One customer cannot affect another's performance.
Usage notifications No

Analytics

Analytics
Infrastructure or application metrics No

Resellers

Resellers
Supplier type Reseller (no extras)
Organisation whose services are being resold Dell/EMC and Juniper Networks

Staff security

Staff security
Staff security clearance Staff screening not performed
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Virtual Machine
  • Database replication
  • Active Directory replication
Backup controls Schedule defined up-front which can be modified on request subsequently.
Datacentre setup Multiple datacentres
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability No formal SLA's are currently implemented. Availability is provided by the resilient infrastructure the system is provided upon.
Approach to resilience Both Data Centre are resilient to power outages and are geographically dispersed in the event of a catastrophic failure. All the IT components have been designed to run as resilient services in case of a service failure, the service will automatically move to a working node or location.
Outage reporting Email alerting to/via our ServiceDesk portal.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
Access restrictions in management interfaces and support channels All management interfaces are not accessible by users consuming the services Xpertex provide.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
Devices users manage the service through Dedicated device on a segregated network (providers own provision)

Audit information for users

Audit information for users
Access to user activity audit information No audit information available
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation No
Security governance approach As an accredited Cyber Essentials vendor, we implement Cyber Essentials best practises to provide security governance to all our customers systems and services.
Information security policies and processes All policies and processes associated with ISO27001 and Cyber Essentials are documented and presented as part of these accrediations.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All defined and documented as part of our Service Management tools
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our Cyber Security specialists keep abreast of potential vulnerabilities to our system at all times. All security patches are automatically deployed by default and System/Application patches are managed by our ServiceDesk team on a period basis.
Protective monitoring type Undisclosed
Protective monitoring approach GPG-13 policies and controls are in place and monitored at all times. Any compromises/issues are managed until resolved and customers are informed of progress at all times.
Incident management type Supplier-defined controls
Incident management approach Incident management policies and procedures are defined and documented. Any customers can have access to these policies when taking out our services.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider VMWare
How shared infrastructure is kept separate Protective measures are placed upon the Infrastructure to prevent users from one customer accessing another customers data or services. Vendor technology is implemented to prevent all eventualities.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £1 per virtual machine per month
Discount for educational organisations Yes
Free trial available No

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑