Q Associates Limited

Q_Veritas SaaS Backup

Veritas SaaS Backup™ delivers secure, end-to-end data protection across the entire Office 365, G Suite, or Salesforce.com environment and beyond. Veritas SaaS Backup™ provides better data insights for anytime, anywhere access, and instant restore capabilities with a single click
Optional Aptare Cloud Analytics


  • Back up automatically up to 6 times per day.
  • Add new users to scheduled backups automatically.
  • Manage by groups or individuals.
  • Instant restores & manage multiple SaaS workloads from single console.
  • Access anywhere, anytime on any device.
  • In-flight encryption with TLS 1.2, at-rest with 256-bit AES.
  • Role-based access control & Audit logs.
  • Multi-factor authentication support.
  • 99.9% uptime.
  • Granular restore at tenant, user, folder, or file level.


  • Point-in-time restore & Preview before restore.
  • In-place restore.
  • Direct download restores & Secure URL links to restored data.
  • Cross user and cross tenant restore.
  • Unlimited storage, no servers or storage purchases required.
  • Fast into service as no installing, deploying or upgrading.


£38.40 a user a year

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@qassociates.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 12

Service ID

5 6 2 7 1 5 8 5 0 8 1 1 9 8 8


Q Associates Limited Adam Freeman
Telephone: 01635 248181
Email: tenders@qassociates.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Veritas Backup products
Microsoft Office365 & Microsoft TEAM's
Google G-Suite
Cloud deployment model
Public cloud
Service constraints
System requirements
  • A Valid subscription to Microsoft Office365
  • A valid subscription to Google G-Suite
  • A valid subscription to Salesforce

User support

Email or online ticketing support
Email or online ticketing
Support response times
"Severity 1 response within 30 minutes
Severity 2 response within 2 hours
Severity 3 response by the same time next business day
Severity 4 response within the next business day"
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
"Essential Support provides:
- Access to technical support provided by telephone on a 24x7 basis
- Access to the Veritas technical support website on a 24x7 basis
- Continuous Efforts support for Severity 1 Cases (upon customer request)
- Access to Hot Fixes and Patches
- Access to Software Version Upgrades"
Support available to third parties

Onboarding and offboarding

Getting started
Veritas SaaS Backup has a simple Onboarding and offboarding process. Once an account has been provisioned the admin can login and setup the initial backup. All documentation is available at sort.veritas.com

Although service easy to deploy, there could be a number of complex site specific integration requirements and Q has a number of cloud support services that can assist along with a number of Backup Service options.
Service documentation
Documentation formats
End-of-contract data extraction
Customer can perform individual restores and complete dataset downloads are possible via the web interface. Complete datasets can also be downloaded via the API interface. All extracts must be completed before contract end

Additionally, should clients exiting service require support in addressing integrated functionality we are able to support clients via our existing G Cloud 11 support services.
End-of-contract process
After ninety (90) days following expiration or termination of Service, Veritas shall delete Customer Content, unless otherwise prohibited by law. Please note that any unlimited data retention setting may not be retained and the corresponding Customer Content may be deleted earlier in the event of Service expiration or termination.

Q Associates have a number of G-Cloud 12 support services that can assist clients in understanding the implications and options available when exiting cloud services, including both on premise integration and multi-cloud capabilities.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
Application to install
Designed for use on mobile devices
Service interface
Description of service interface
Web based
Accessibility standards
None or don’t know
Description of accessibility
Web based
Accessibility testing
What users can and can't do using the API
"APIs are available for
- Account Services
- ACLs
- Authentication services
- Search
- Cloud Connector
- Device Access
- Favourites
- FCM Recipients
- Global Environment
- Job Scheduling
- Logging
- Messaging & Miscellaneous
- Object Encoding
- Performance Logging
- Sharing
- Single Sign On
Volatile Event Queueing"
API documentation
API documentation formats
API sandbox or test environment
Customisation available


Independence of resources
Ongoing capacity management ensures continued capacity for all users


Service usage metrics
Metrics types
"Service metrics available are
- License Usage
- Dataset Size
- Covered Seats
- Covered Mailboxes
- Covered sites
- Covered drives"
Reporting types
API access


Supplier type
Reseller providing extra support
Organisation whose services are being resold

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Other data at rest protection approach
"Data is encrypted with a unique symmetric key for each storage node pair. Encryption keys are 256-bit Advanced Encryption
Standard (AES)."
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Data is exported via the API interface or via the web console
Data export formats
Other data export formats
Data is exported in format of the original data only
Data import formats
Other data import formats
No data is backed up by product no upload required

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
When clients send data to Veritas SaaS Backup for protection, they typically use a Transport Layer Security (TLS)-encrypted tunnel. TLS is an encryption protocol that provides security for communications sent via the Internet as well as other types of data transfers. TLS encryption maintains the confidentiality and integrity of data, so they can't be modified, intercepted, or viewed while in transit. Veritas SaaS Backup only uses TLS 1.2 and has deprecated TLS 1.0, 1.1 and all versions of SSL (Secure Socket Layer).
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Data is encrypted with a unique symmetric key for each storage node pair. Encryption keys are 256-bit Advanced Encryption Standard (AES). If clients choose to authenticate via our services, we hash any stored user passwords using the 256bit-SHA2 hashing algorithm with large random salts. This is important in the unlikely event that the database is compromised.

Availability and resilience

Guaranteed availability
At least 99.9%
Approach to resilience
"The Veritas SaaS Backup is designed to be resilient through the use of
- Tier 3 Datacentres
- Dedicated Private Dark Fibre Network Backbone
- Each datacentre has 24x7 UPS and emergency Power, along with at least 2 sources of electrical power
- Datacentres are geographically dispersed with each region
- Continual data replication within region"
Outage reporting
The service uses MIR3 notifications to send email alerts when there is a downtime or degraded performance

Identity and authentication

User authentication needed
User authentication
Other user authentication
"By default, users access Veritas SaaS Backup services with a username and password, which are verified through an encrypted HTTPS login page. All simple passwords in Veritas SaaS Backup are stored, encrypted, and salted. The login
page will yield a simple delay mechanism on subsequent retries to avoid brute force attacks.

Veritas SaaS Backup leverages Single Sign-on (SSO) through a Security Assertion Mark-up Language (SAML) 2.0, such as Active Directory Federation Services (ADFS) that ensures identity verification by trusted sources. Veritas SaaS Backup acts as a service provider and the customer’s infrastructure acts as an identity provider.
Access restrictions in management interfaces and support channels
"Role based access control in Veritas SaaS Backup provides customers with granular permissions. The customer’s Master Admin can restrict access of other admins by assigning them a role with certain limitations. For example, there is a user role where admins can only do an in-place restore. They do not have any option to preview or download data.

Veritas Support and Keepit support do not have access to see customer data that is stored. Backend tools provide customer account info. and meta data such as email address, backup size, number of objects, connector name and logs. but no data."
Access restriction testing frequency
At least every 6 months
Management access authentication
Description of management access authentication
Management access is done through two factor authentication, password and certificates

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
"US: HIPAA, ISO 27001, SOC 2 Type 2, NIST 800-53/FISMA.
Europe: ISAE 3402 Type 2, ISO 27001, SOC 2 Type 2.
Australia: ISO 27001, SOC 2 Type 2"
Information security policies and processes
Veritas are Working towards ISO27001

Q Associates entire organisation process and structure are aligned and certified by NQA to ISO27001

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Veritas SaaS Backup proactively monitors all datacentre endpoints using industry leading technology. A comprehensive vulnerability knowledgebase in the industry, this delivers continuous protection against the latest worms and security threats. The solution deployed provides comprehensive reports on vulnerabilities, including severity levels, time to fix estimates, and impact on business, plus trend analysis on security issues. By proactively monitoring every network endpoint, this safeguard dramatically reduces the time spent researching, scanning, and fixing network exposures and enables us to eliminate network vulnerabilities before they can be exploited. All systems are scanned on a weekly basis to ensure security baselines are maintained.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
"The Veritas SaaS Backup utilises the following cyclic process
1 - Discover
2 - Prioritise Assess
3 - Assess
4 - Report
5 - Remediate
6 - Verify"
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Veritas SaaS Backup employs a variety of monitoring systems that produce alerts for our Data Centre Operations, engineering and management teams via email and SMS in the event of system availability and/or performance issues. Our Data Centre Operations staff has an around-the-clock, on-call rotation model. A dedicated 24x7 staff is responsible for tracking alerts and identifying potential issues.
Incident management type
Supplier-defined controls
Incident management approach
A step-by-step process is in place to
investigate and respond to any incidents.
The goals of our Incident Response Team are to:
1. Identify threats and contain incidents.
2. Maintain or restore business continuity.
3. Defend against further attacks.
4. Deter attackers through continuous monitoring, investigation, and prosecution.
Perform continuous counter-threat and security intelligence action.
If a client-facing issue is detected with the infrastructure or if an issue is reported by clients, a standard resolution process is

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

Connection to public sector networks


£38.40 a user a year
Discount for educational organisations
Free trial available
Description of free trial
The free 30 day Trial includes all the features of the product with the exception of providing backup for SharePoint. This is available as part of the trial on request
Link to free trial

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@qassociates.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.