Mazepoint Limited

Mazepoint Hosting Service

This service provides virtualized Windows machines running on Hyper-V hosts, each on its own VLAN for security, to support Mazepoint’s Software and Support services. Servers owned by Mazepoint are housed in secure, climate-controlled hosting facilities in London and Frankfurt owned and run by Telehouse, a subsidiary of KDDI.

Features

  • Servers and infrastructure managed by Mazepoint
  • Extra server resources on request
  • Virtual machine specification and configuration, tailored to specific requirements
  • Archiving, backup, backup restoration and disaster recovery included
  • System logging and analysis for service reporting
  • Security, encryption, firewall and intrusion protection to two audited standards
  • Optional penetration testing through third parties
  • Offsite recovery to secondary data centre
  • Lower cost than mainstream suppliers for management, usage and availability
  • Virtual networks segregating customers and services for greater security

Benefits

  • Reduced burden on internal IT personnel and systems
  • Easily scalable to demand
  • Ensures the right resources for the right workload
  • No additional backup hosting required, fast backup restoration when required
  • Full audit trail of system usage, track user adoption, fraud
  • Confidence that best practice and vigilance are being applied
  • Option to increase security levels as required
  • Greater system, data and application security and redundancy
  • Greater economic benefit
  • Service is not shared with other organisations, exclusive use

Pricing

£250 per unit per month

  • Free trial available

Service documents

G-Cloud 9

559098866063405

Mazepoint Limited

James Noble

020 7348 7600

jnoble@mazepoint.com

Service scope

Service constraints: Processing capacity on individual virtual machines requires a machine restart. The service will be taken offline for upgrade patching on a timetable agreed with each customer. This hosting service can only be purchased in conjunction with one of Mazepoint's software services.
System requirements: None

User support

Email or online ticketing support: Email or online ticketing
Support response times: Please refer to our service definition document for more information
User can manage status and priority of support tickets: No
Phone support: Yes
Phone support availability: 9 to 5 (UK time), Monday to Friday
Web chat support: No
Onsite support: Yes, at extra cost
Support levels: We provide an ITIL approach to service levels which is detailed in our Service Description document. In principle it provides for identification, management, resolution, and considered future mitigation through a tiered support structure that is contactable via various methods and operates during normal UK office hours of 8:30 - 17:30, Monday to Friday (except UK public holidays and the period between Christmas and New Year). Other support arrangements are available on request.
Support available to third parties: Yes

Onboarding and offboarding

Getting started: Tailored to each customer's requirements; can include onsite and online training and user documentation
Service documentation: Yes
Documentation formats: PDF
End-of-contract data extraction: See Software Services for data extraction procedures. Hosting data logs are available from the support team on request and may incur a charge based on the SFIA rate card.
End-of-contract process: Once the service comes to an end, customers are given 7 days to back up and download their data themselves. Should they require our help, this is available at an extra cost. After this period, the virtual machine is securely disposed of. Backups of the virtual machine will be kept for 30 days unless the customer requests that they be securely deleted sooner.

Using the service

Web browser interface: No
API: No
Command line interface: No

Scaling

Scaling available: No
Independence of resources: Server capacity is managed within the virtualisation environment which is controlled by the infrastructure team using monitoring tools. Systems usage and capacity are monitored through the router logs which provide alerts to potential performance and capacity limits. Performance of specific customer applications is monitored regularly to ensure continuity of service. Customer websites and applications are continuously monitored with Site24x7. Project managers, delivery and support staff will be immediately updated on any resource capacity issues that arise on a customer's environment.
Usage notifications: Yes
Usage reporting: Other

Analytics

Infrastructure or application metrics: Yes
Metrics types: Other
Other metrics: Provided on request
Reporting types: Reports on request

Resellers

Supplier type: Not a reseller

Staff security

Staff security clearance: Conforms to BS7858:2012
Government security clearance: Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations: Yes
Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
User control over data storage and processing locations: No
Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency: At least once a year
Penetration testing approach: Another external penetration testing organisation
Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process: Yes
Data sanitisation type: Explicit overwriting of storage before reallocation
Equipment disposal approach: In-house destruction process

Backup and recovery

Backup and recovery: Yes
Backup controls: Please refer to our service definition document for more information
Datacentre setup: Multiple datacentres with disaster recovery
Scheduling backups: Users contact the support team to schedule backups
Backup recovery: Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability: Availability is defined as the time the service is available during the agreed service window, i.e. outside of agreed downtime for maintenance and upgrades. Any further agreed downtime does not count towards the service availability statistic. Generally, Mazepoint offers a 99.7% service availability measured on a monthly basis which will be confirmed in the SLA. Any case of a breach of an SLA will be reported as an incident in Mazepoint's support ticketing system and assigned an impact and urgency level, which is accessible to the client.
Approach to resilience: The underlying virtualised infrastructure runs on resilient host hardware. Virtual machines can be migrated between hosts with no loss in service and minimal disruption.
Firewalls are clustered and configured to fail over in the event of an individual one failing.
Mazepoint’s data centre provider has highly resilient infrastructure including dual power feeds and backup generator capacity, and redundant cooling, offering power uptime SLAs of 99.999%.
Internet connectivity is multi-homed via several suppliers to ensure continuous connectivity in the event of an ISP failure.
Outage reporting: Service availability at a client level is continuously monitored by Mazepoint. Any service failures will alert the Mazepoint Infrastructure team who will deal with the issue accordingly. An incident support ticket will be created, alerting the customer, and will be resolved in accordance with the agreed SLA. Live public service dashboards and direct email alerts are available on request at an additional cost.

Identity and authentication

User authentication: Username or password
Access restrictions in management interfaces and support channels: Mazepoint’s User Access Management Policy establishes the procedures for restricting access to prevent unauthorised use of information systems. The procedures are documented for new users, managing change, password and privilege management as well as regular reviews of user-access rights. Group-based permissions are supplied within each service application, generally administered by the customer, with the capability to control each user’s data and information access rights down to an individual data cell. Mazepoint’s Password Security Policy establishes the standards required for password complexity and compliance measurement. Access to Mazepro, Mazepoint’s support ticketing system, is governed by similar user access rights and passwords.
Access restriction testing frequency: At least once a year
Management access authentication: Username or password
Devices users manage the service through:
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information: Users contact the support team to get audit information
How long user audit data is stored for: At least 12 months
Access to supplier activity audit information: Users contact the support team to get audit information
How long supplier audit data is stored for: At least 12 months
How long system logs are stored for: At least 12 months

Standards and certifications

ISO/IEC 27001 certification: Yes
Who accredited the ISO/IEC 27001: Please contact us for more information
ISO/IEC 27001 accreditation date: Please contact us for more information
What the ISO/IEC 27001 doesn’t cover: Please contact us for more information
ISO 28000:2007 certification: No
CSA STAR certification: No
PCI certification: No
Other security accreditations: Yes
Any other security accreditations: Cyber Essentials Plus

Security governance

Named board-level person responsible for service security: Yes
Security governance accreditation: Yes
Security governance standards: ISO/IEC 27001
Information security policies and processes: Without exception, all Mazepoint staff are contractually obliged to adhere to the principles of ISO27001:2013 in respect of information security. The company’s ISO27001 accreditation is based on a variety of policies, procedures, risk assessments and responsibilities, all of which are subject to regular external and internal audits, and staff are regularly reminded of their obligations and notified when policies and procedures are updated. The company’s ISO accreditation is led by the Managing Director, the management representative, who retains responsibility for overall observance of policies, processes and updates while delegating responsibility for monitoring and compliance, primarily to the infrastructure and administration teams but also to the software development and new business teams. Each policy and process includes compliance measurement which is carried out by the policy owner and verified by the management representative. The company’s online Information Security Management System maintains all policy and process information, including ISO9001:2008 documentation and the Feedback Reporting System for use by all staff. The Managing Director and all team leaders attend the audits to ensure that any observation or potential non-conformance is addressed with the appropriate level of urgency, and management reviews are carried out and documented by the management representative.

Operational security

Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach: Following the ITIL methodology for configuration and change, changes are defined mainly as Standard or Normal. Requests are logged via Mazepoint's support ticketing system (Mazepro) and assessed in terms of impact and urgency. A priority matrix is used to determine the response and resolution time for each request. For system-critical items, users are also required to inform Mazepoint by telephone. Users will be notified of an approximate time for resolution at the outset and regularly updated until completion.
Vulnerability management type: Supplier-defined controls
Vulnerability management approach: Mazepoint’s Vulnerability Management Policy documents this process, which is enforced by the infrastructure team. Common vulnerabilities and exposures are routinely checked in accordance with the CVE database and other third-party sources. Systems are monitored to detect and assess vulnerabilities which are then classified and prioritised by risk and urgency. Vulnerability removal is then planned and executed. Software updates are applied on a regular basis or immediately in the case of high-risk, urgent vulnerabilities. User identity and access rights, hardware and software configuration standards, and network vulnerabilities are all regularly reviewed, assessed and tested, and remediation plans implemented.
Protective monitoring type: Supplier-defined controls
Protective monitoring approach: Regular review of firewall logs to understand potential compromises. Management of incidents is documented in the Information Security Incident Management policy.
Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach: Mazepoint’s Information Security Incident Management Policy documents this process. Security incidents that have a direct impact on a customer’s application or data will result in the customer being contacted immediately following incident identification. Security incidents are logged in Mazepoint’s support ticketing system, Mazepro, and the progress of open tickets tracked. Upon closure of a security incident ticket, the customer will receive a full report covering the time the incident was identified to its resolution. Monthly security and service reports are available to the customer at an additional cost.

Secure development

Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
Who implements virtualisation: Supplier
Virtualisation technologies used: Other
Other virtualisation technology used: Please refer to the service definition document for more information
How shared infrastructure is kept separate: Please refer to the service definition document for more information

Energy efficiency

Energy-efficient datacentres: Yes

Pricing

Price: £250 per unit per month
Discount for educational organisations: No
Free trial available: Yes
Description of free trial: Please refer to our service definition document for more information

Documents

Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document