SVGC Limited

SVGC Military Partners Platform

SVGC Military Partners Platform is a cloud-based platform hosting a range of services and applications that support the assessment of foreign capabilities. Users can build, access and share services and applications quickly and easily to enhance capability management decisions.

Features

  • Secure UK Data Centre(s) and SC cleared staff
  • Host virtual machines at OFFICIAL/OFFICIAL-SENSITIVE
  • Connect hosted services across RLI and the Internet
  • Multiple access methods via: browser, thick client, SSH or RDP
  • Customisable levels of service, machine size, storage and support
  • We provide a fully managed service to support your environment
  • Formally accredited to host data with OFFICIAL/OFFICIAL-SENSITIVE marking

Benefits

  • Partnership approach to IaaS
  • Users can collaborate across RLI and the Internet
  • Simple, transparent pricing model
  • Build user-centric services across organisations and networks
  • Increase productivity and operational effectiveness by remote working
  • Over 20 years of experience of working with HMG Departments

Pricing

£10 to £250 per user per month

  • Free trial available

Service documents

G-Cloud 9

569679586255873

SVGC Limited

Ms Julia Campbell

01747820900

mail@svgc.co.uk

Service scope

Service scope
Service constraints There are no specific constraints relating to this flexible service, for terms of use please see the attached Terms and Conditions.
System requirements Modern Browser

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 51. The incident response time varies from 10 minutes depending on the level of priority it’s defined under.
User can manage status and priority of support tickets No
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Onsite support
Support levels Level 1 - Top Priority: In this case a full business solution should be delivered within 4 business hours to the client enabling it to move down to priority 2/3.

Level 2 - High Priority: A solution will be provided within 8 business hours, this will be a fully tested permanent solution or a temporary work around, this will reduce the priority level to 3.

Level 3 - Medium Priority: A solution will be delivered within 5 business days for a fully tested permanent correction or a temporary workaround, which would reduce the priority to a level 4.

Level 4 - Low Priority: A solution will be provided within one calendar month if within the remit of SVGC.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Basic training for both users and administrators is included in our Welcome Pack, which is shared as part of our On-Boarding process.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction Data export is provided at no additional charge, depending on the method of removal there may be a small charge (e.g. for use of NCSC approved media that we offer to clients for transfer and removal of their data).
End-of-contract process No additional costs.

Using the service

Using the service
Web browser interface No
API No
Command line interface No

Scaling

Scaling
Scaling available No
Independence of resources Continuous monitoring and load balancing by our team.
Usage notifications Yes
Usage reporting Email

Analytics

Analytics
Infrastructure or application metrics No

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Secure-IA

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach In-house destruction process

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Databases
  • Virtual Machines
Backup controls All managed by us.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users contact the support team to schedule backups
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability 99.999% availability. Refund based on negotiation.
Approach to resilience Automatic fail over to a number of mirrored virtual machines.
Outage reporting Email alerts

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels Only accessible to named users on a specified internal network.
Access restriction testing frequency At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes The SVGC Private Cloud holds Accreditation from Defence Assurance and Information Security (DAIS) for hosting of OFFICIAL-SENSITIVE data and applications. The services delivered by SVGC are also accredited by other Government organisations including Pan Government Accreditation from NCSC. Working closely with the Government Accreditors and Senior Information Risk Owners from Government Departments such as NCA and HMRC, SVGC can mitigate project risk and significantly shorten the time taken to achieve the project accreditation and approval to operate.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All components are monitored all the time through their lifetime.
All changes are tested on a mirrored beta service before going live to confirm that changes have zero security impact.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our hosting solution currently holds security accreditation provided by MoD, NCSC, HMRC and GLD. The cloud services offered by SVGC are Accredited by the UK Defence Assurance and Information Security (DAIS) and operate services with Pan Government Accreditation, appropriate for Tier1, OFFICIAL information.
There is no direct mapping of the existing IL’s to the new classifications; the assessment of the threat and information risk is needed to determine the appropriate levels of assurance and controls. The diagram below indicates the level of assurance offered by the SVGC cloud services that typically apply to the ILs against the assessed threat levels.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Our hosting solution currently holds security accreditation provided by MoD and NCSC. The cloud services offered by SVGC are Accredited by the UK Defence Assurance and Information Security (DAIS) and operate services with Pan Government Accreditation, appropriate for Tier 1, OFFICIAL information.
There is no direct mapping of the existing IL’s to the new classifications; the assessment of the threat and information risk is needed to determine the appropriate levels of assurance and controls. The diagram below indicates the level of assurance offered by the SVGC cloud services that typically apply to the ILs against the assessed threat levels.
Incident management type Supplier-defined controls
Incident management approach Our hosting solution currently holds security accreditation provided by MoD, NCSC, HMRC and GLD. The cloud services offered by SVGC are Accredited by the UK Defence Assurance and Information Security (DAIS) and operate services with Pan Government Accreditation, appropriate for Tier1, OFFICIAL information.
There is no direct mapping of the existing IL’s to the new classifications; the assessment of the threat and information risk is needed to determine the appropriate levels of assurance and controls. The diagram below indicates the level of assurance offered by the SVGC cloud services that typically apply to the ILs against the assessed threat levels.

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider Secure-IA
How shared infrastructure is kept separate Individual VMs per organisation on seperate VLANs if necessary.

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £10 to £250 per user per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Full version of the system for a negotiable limited time.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑