Award winning Backup (BaaS) & DR (DRaaS) including Office365 - Nexprotect

NexProtect is a Hybrid-Cloud Backup and DR as a service (BaaS) (DRaaS) with fixed term pricing. Our unique commercial model with a fixed cost over 12 - 36 months, means no more surprise bills for Data Egress & includes Office365 backup


  • Hybrid Cloud Based Backup & DR
  • Agentless backup for VMware & Hyper-V
  • Fast file, folder, full system, application, bare metal recovery
  • Office 365 protection for Exchange Online, Sharepoint and OneDrive
  • Instant Recovery of data and applications with Virtual Standby functionality
  • Highly optimised, bandwidth efficient replication to the cloud
  • End to End data encryption
  • UK Based Data Centres & 24x7 Telephone Support
  • Fixed price service – Fixed cost over 36-60 months
  • No data Egress or failover costs


  • Onsite Appliance or no hardware.
  • Fast set up and easy to manage.
  • Fast recovery of Files, Databases and full BMR.
  • Protect your Cloud Based Applications as well as local.
  • In the event of a disaster, failover to our cloud.
  • Bandwidth included in the price.
  • Total data separation - No shared Cloud Hardware.
  • Total data sovereignty
  • Predictable costs - No Data Egress or Failover charges
  • Cloud portability - No lock-in.


£50 per terabyte per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

5 8 2 0 1 1 0 3 3 9 8 4 2 8 3



Troy Platts


Service scope

Service constraints
System requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
Severity 1 Within 30 minutes (business hours) within 1 hour (out of hours).
Severity 2 Within 4 business hours.
Severity 3 Within 8 business hours.
Severity 4 Within 12 business hours.
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Onsite support
Support levels
Standard - provides the customer with Email Support during our core business hours, Incident Management and access to our online Customer Portal to log incidents, view the Knowledge Base and follow incidents.

Service Desk - Standard with the addition of Monitoring and Telephone support.

Service Desk Plus - As above plus incidents and problems are recorded, classified, prioritised, tracked and resolved by the Nexstor Service Desk within the agreed Service Level Agreement. Nexstor will provide Quarterly Reporting based on this.

Fully Managed - Our Fully Managed solution offers our Service Desk Plus service as well as the following core functions:

Out of Hours Telephone Support (24 x 7 x 365)
Patch Management (Operating System and Enterprise software)
Change Management
On-site Support
External Vendor Management
Monthly Reporting

All costs are negotiable and dependent upon multiple factors including data volumes, contract length etc.

Every client has a technical account manager and service desk contact.
Support available to third parties

Onboarding and offboarding

Getting started
Depending on the Customers requirements, we will provide documentation and either onsite or online training.
Service documentation
Documentation formats
End-of-contract data extraction
We send the users data back to them on an appliance, that is fully encrypted.
End-of-contract process
At the end of the contractual period, should the client no longer wish to continue with the service, the end user will receive all of their data back within 7 days on an encrypted appliance. The client then gets 30 days to wipe the appliance and return in the packaging supplied. Shipping costs will be covered by us.

Using the service

Web browser interface
Command line interface


Scaling available
Independence of resources
Our service is a private, Hybrid cloud service and utilises dedicated appliances and Network Bandwidth. Each client get their own 100mb - 1Gbit line straight into our dedicated Cloud Appliance.
Usage notifications
Usage reporting


Infrastructure or application metrics
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
What’s backed up
  • VMWARE & Hyper-V
  • Physical Servers (Windows/Linux/UNIX)
  • Office 365 including: Exchange online, Sharepoint, OneDrive
  • Databases: SQL, Oracle, Sybase, DB2
  • Files
  • NetApp
  • HPE Nimble
  • HPE 3PAR
  • Kaminario
Backup controls
Users work with our team to define their backup schedules - Users can have unlimited numbers of different schedules.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Its is our aim to provide 24x7 365 days access to our clients backup data and DR services. In the event that this SLA isn't met, we have a process in place to compensate clients on a case by case basis.
Approach to resilience
Redundancy in everything: Multiple cooling units, backup generators, power sources, chillers, etc. If one piece of equipment fails, another can start up and replace its output instantaneously. More details available on request.
Outage reporting
Our clients will be emailed

Identity and authentication

User authentication
Username or password
Access restrictions in management interfaces and support channels
Security groups
Access restriction testing frequency
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Information security policies and processes
Information security is managed by each client/user. All backup and DR data is encrypted and these encryption keys are held by the end user.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our Configuration components are tracked in are ITSM tool and notifications will be sent to Support to notify us of any significant milestones that require activity.

Our Change Process is categorised into three types of change – Normal; Standard; and Emergency.

The Change is documented and described in full in the Request for Change form and submitted for CAB approval. Once the Change has been approved by CAB it is logged in the ITSM tool.

Following any Change regardless of success or failure there is a review conducted and lessons learned are recorded.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Nexstor take the following measures to manage risk:

All vulnerability management should follow the Change Management Standard Operating Procedure.

All Software that may be impacted as a result of the application of a patch should be documented.

Vulnerabilities, loss of functionality and/or performance degradation that might be addressed by any patch deemed to pose too high a risk to implement should be mitigated against by another method wherever possible.

Nexstor will aim to align to vendor release cycles for all Software patches to minimise system vulnerabilities.

A record of applied patches will be kept for all systems wherever possible.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Nexstor has a series of monitoring tools that check on the performance and availability of the infrastructure, where warning and exceptions are identified alerts are sent to the Service Desk for review, and where appropriate for incidents, problems or changes to be created in the IT Service Management Toolset.

Alerts are responded to in line with each customers SLA.
Incident management type
Supplier-defined controls
Incident management approach
At Nexstor we follow our Incident Management Standard Operating Procedure for all incidents raised.

Customer contact to the Nexstor Service Desk to raise an incident is either via the Customer Portal, by telephone between 08:00 & 17:30 GMT/BST (Monday to Friday), or email. Calls received out of office hours will be forwarded to Nexstor’s out-of-hours on call Technical Engineer.

Incident reports can be provided on a scheduled or ad hoc basis depending on the customers requirements.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres


£50 per terabyte per month
Discount for educational organisations
Free trial available
Description of free trial
Potential clients can trial our service for 60 days for a max of 5TBs of data. This will be a fully functioning version out the service.

Service documents

Return to top ↑