We deliver a range of services from fully managed Desktop as a Service to Backup as a Service/ Disaster Recovery as a Service. Our cloud services are delivered from our Tier 3 ISO 27001 accredited data-centres. We deliver flexible, bespoke solutions tailored to individual customer requirements
- Remote access to service any time, any day
- Remote access over the Internet from any device
- Fully managed platform
- Automatic software updates
- High Availability
- Real time monitoring
- Disaster recovery
- Data protection to include perimeter security to systems
- Backup management
- Out of Hours support cover
- Opex pricing model - No expensive infrastructure refresh costs
- Mobile working
- Subscription model - capital expenditure free
- Reduced Infrastructure costs and maintenance
- Document control of corporate data
- Scalability & Flexibility to increase of decrease resource requirements
- Environmentally friendly
- Access to latest Microsoft products
- Common desktop experience across multiple types of devices
- Ease of access to corporate date and sharing of information
£50 to £150 per user per month
- Education pricing available
Castleton Technology Plc
|Service constraints||Subject to software vendors application compatibility, where possible the latest releases of Microsoft and VMware licensing are to be deployed. Periodically and at approved time planned maintenance of the hosted environment will be undertaken with ensuring the platform and virtual machines are meeting each technologies and manufactures patching and operating levels. In the event of a critical notification from a manufacture the affected hardware or software will be addressed. On an annual basis the customer will be encouraged to undertake a recovery test by invoking a Disaster Recovery within our isolated environment|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Our response times are dictated by the Service Level Agreements within individual customer contracts.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
|Support levels||We provide full end to end support, from 1st to 4th line. This covers from desktop user support, to infrastructure support, management and configuration. An example of 1st line would be a password reset for an end user, and an example of 4th line would be investigation into core service failure. All levels are included within the service cost. The option for a technical account manager is available but this is specified within the individual customer contract.|
|Support available to third parties||Yes|
Onboarding and offboarding
The onboarding process is subject to the size of a clients infrastructure or desktop requirement. In most cases a staging server is located onsite that acts as a transport layer for migrating servers and associated data to our hosting platform. At an agreed date typically over a weekend the on-premise infrastructure will be powered down and hosted servers made live for user acceptance testing. Following successful testing all external services such as email delivery will be enabled.
For large organisation with many servers, the staging server environment will be transported to our data centre over an agreed weekend
We offer several levels of training
1. Onsite - To customer's ICT team on how to administrate a managed desktop to support their end users at a first line level
2. Onsite - Train the Trainer whereby we train "super users" within the business who in turn train the users
3. Onsite - Direct end user training
|End-of-contract data extraction||
The offboarding process is agreed individually with each customer and timescales will be subject to size of estate to be migrated.
Following consultation with the customers new service partner an agreed method that follows industry best practice and standard formats for migrating data will be implemented. In all cases the data will be encrypted and provided to the new provider in person or by the means of a door to door delivery. All documentation to include passwords will be handed over during this transition process. Once the data has been received at the agreed date information being held on our platform will be destroyed using an approved removal tool and a copy of the removal notice confirmation will be issued to the customer.
Data extraction is included within the price of the service.
Data migration would incur additional cost .
Using the service
|Web browser interface||No|
|Command line interface||No|
|Independence of resources||Yes. We monitor the services and scale our infrastructure as appropriate.|
|Infrastructure or application metrics||No|
|Supplier type||Not a reseller|
|Staff security clearance||Staff screening not performed|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Other data at rest protection approach||Encryption of data using AES 256bit|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
Backups are managed by ourselves as part of the service. The following are agreed with the customer on a per server/application basis;
1. Backup interval (e.g hourly, daily)
2. Data retention (e.g 1 week, 1 month, 1 year)
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Users contact the support team to schedule backups|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
Individual SLA's are provided on a per contract basis.
Any service refunds are provided on a per contract basis based on service credits.
|Approach to resilience||Our service architecture is available on request.|
|Outage reporting||Service outages and scheduled maintenance are notified via email to designated account contacts.|
Identity and authentication
|Access restrictions in management interfaces and support channels||
No management interfaces are provided to customers.
Support interfaces are provided to individual users and restricted based on their standard logon credentials
|Access restriction testing frequency||Less than once a year|
|Management access authentication||Other|
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||Between 1 month and 6 months|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||User-defined|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||No|
|Security governance accreditation||No|
|Security governance approach||
Whilst we maintain the systems on behalf of our customers, the customer remains the Data Owner and as such are responsible for the implementation of appropriate controls and ensuring their staff adhere to their security policy and processes.
We are responsible for the underlying architecture and are in the process of working to ISO27001 accreditation hence our processes are based on that framework.
The Datacentre adheres to ISO27001 for physical security.
|Information security policies and processes||
For our Front office system, the customers are their own data owners and as such are responsible for their own security policies and processes.
For our Back Office systems, all staff adhere to our security policy (available on request). All breaches are reported to the Functional Department Heads who are responsible for reporting to our Services Director.
Our Services Director is responsible for reviewing and enforcing our security policy
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Our change management process ensures that all changes are necessary, documented, efficiently implemented and with minimal disruption.
Each change is managed by a document which defines details of the change, the priority and impact of the change, the reason for change, risks associated with the change, a back out plan and effects of this not being implemented.
The document is submitted to our change team who review and agree if the change will go ahead based on all the above factors.
|Vulnerability management type||Undisclosed|
|Vulnerability management approach||
Vulnerabilities for our key platforms are monitored through vendor notification.
We undertake scheduled, periodic updates of patches to our systems. Patches for critical updates are assessed independently and may be implemented ahead of the period updates.
All patches are applied in line with our change management process.
|Protective monitoring type||Undisclosed|
|Protective monitoring approach||We collect and log data based on activities of both systems and users. These are then reviewed and audited in near real-time. Adding both prioritisation and intelligent base lining enabled critical alerts to be raised and actioned by the correct engineer at the right time.|
|Incident management type||Supplier-defined controls|
|Incident management approach||We have defined process for logging, recording and resolving incidents. We aim to restore the service to our customers as quickly as possible, often though a fix or a work around. For common events we used pre-defined knowledge bases to allow knowledge transfer across the team. Incidents can be reported in three ways; telephone, email or via our online portal. Incidents reports vary on a customer by customer bases and are designed to meet each individuals requirements.|
|Approach to secure software development best practice||Supplier-defined process|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||VMware|
|How shared infrastructure is kept separate||
Each customer is delivered as a private tenant.
Each private tenant is provisioned with their own private network(s), secured by VMware virtual networking to ensure no communication between customers.
|Price||£50 to £150 per user per month|
|Discount for educational organisations||Yes|
|Free trial available||No|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|