servNet - Data Infrastructure For Education
Host applications in a secure cloud, providing, email and domain hosting, App and Desktop deployment wrapped around a 247 helpdesk with the options of adding SIMS (School Information Management Systems) as Desktop as a service
Features
- Scalable usability
- In the cloud
- Security
- PaaS
- Citrix and Microsoft technology
- Virtualised operating system with you applications and data
- Enhanced desktop experience
- Manged 247 support and management
- Pay as you go
- Use you own licences
Benefits
- Add and remove users month to month
- Access the data securely from anywhere
- Data center with full resilience
- Fully customisable
- Seamlessly scale from 5 to thousands of users
- Increased and enhanced flexibility and Mobility
- Increased security but centrally delivered service
- Streamlined key it process reducing management time
- Work anytime anywhere across your devices
- Per user pricing per month
Pricing
£15 a user a month
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at ask@404team.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 10
Service ID
5 9 5 3 1 2 8 1 9 5 9 1 1 7 6
Contact
404Team Limited
Brett Loveday
Telephone: 07921 237 662
Email: ask@404team.com
Service scope
- Service constraints
- We would need to do a client service profile so we wound need to complete an Non-Disclosure Agreement in order to access the Client Data.
- System requirements
- Data connection
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- Standard response times are within 15 minutes.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- All aspects of the visitor interface are customisable, therefore allowing any changes required. 2 of the 3 standard templates are W3C compliant and the solution has been tested by a representative from RNIB for use with the well-known screen readers. As the visitor interface is fully customisable, with access to the CSS and HTML, accessibility must be considered when customising/ changing the button/windows/forms.
- Web chat accessibility testing
- No testing has been completed.
- Onsite support
- Yes, at extra cost
- Support levels
- SLA's Start at 24/7/5 with a 15 min response and vary according to requirement.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- A service profile will be created with the client and by using an onboarding process which entails visiting every user to migrate their setting and offering a floor walking service.
- Service documentation
- Yes
- Documentation formats
-
- ODF
- End-of-contract data extraction
- We provide the data on a encrypted device that the customer supplies and they own the encryption key.
- End-of-contract process
- We remove the client off the service and keep the data for 3 months and then the data is deleted 90 day termination notice.
Using the service
- Web browser interface
- No
- API
- No
- Command line interface
- No
Scaling
- Scaling available
- No
- Independence of resources
- Users have there own profile with a set amount of space allocated to them.
- Usage notifications
- No
Analytics
- Infrastructure or application metrics
- No
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Staff screening not performed
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Encryption of all physical media
- Other
- Other data at rest protection approach
- Antivirus, only access is via encrypted connection email is securely filtered by an external mail filtering service all systems are backed up hourly against ransomware.
- Data sanitisation process
- No
- Equipment disposal approach
- In-house destruction process
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Files
- Profile
- Virtual machines
- Data
- Backup controls
- Managed centrally by 404.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
- Modified SSL Ciphers to achieve an A+ certification rating. Service is fully encrypted end to end via a relay and there is no direct connection.
- Data protection within supplier network
- Other
- Other protection within supplier network
- Via an anti-virus service, firewall and backups.
Availability and resilience
- Guaranteed availability
- 99.9% on SLA.
- Approach to resilience
- Designed with single site resilience. All systems are duplicated with no single point of failure which is replicated daily to DR facility.
- Outage reporting
- We will call the client and alert the client via social media.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
- No Generic accounts. All named users have a User name and password and passcode token. Tiered access hierarchy based on job role and/or designated client.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Username or password
- Devices users manage the service through
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- User-defined
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Cloud security at 404 team is the highest priority. As an 404 team customer, you will benefit from a data centre and network architecture built to meet the requirements of the most security-sensitive organizations. Measures taken include but not limited to Anti-Virus, Anti-Phishing, Fusemail-Anispam, Anti-Ransomware, System is backed up hourly, Virtual Desktops are read-only, Client and Virtual desktop run Sophos suite antivirus with daily backend scans.
- Information security policies and processes
- We are currently working towards IS27001 and are using their suggested framework including policies & processes.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- 404 Team utilises ITIL best practises to manage all changes, this includes RFS' Change Advise Boards and rigorous testing through our dev/pre-production environments with pre-defines test plans and roll back procedures. All changes are also logged within the helpdesk system and CMDB.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- 404 team has a documented vulnerability management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources, which cover a significant proportion of 404 team asset population. For other systems and software, assigned personnel have responsibility for regularly reviewing technical forums and specialist groups to promptly identify and evaluate any emerging patches or updates which require our attention.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- 404 team has a documented vulnerability management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources, which cover a significant proportion of 404 team asset population. For other systems and software, assigned personnel have responsibility for regularly reviewing technical forums and specialist groups to promptly identify and evaluate any emerging patches or updates which require our attention.
- Incident management type
- Supplier-defined controls
- Incident management approach
- 404 team has a documented incident management policy and process. This activity is responsible for the progression of alerts generated by automated monitoring systems, issues identified by 404 team personnel, and incidents identified and reported to 404 team by its customers and partners. All incidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- Citrix XenServer
- How shared infrastructure is kept separate
- Separate OU's that contain individual Group policies, separate DFS shares are permissioned so that only the client can view. The separate Citrix Farms are controlled by the AD groups, so that only certain OU's have access to the separate session servers.
Energy efficiency
- Energy-efficient datacentres
- Yes
Pricing
- Price
- £15 a user a month
- Discount for educational organisations
- No
- Free trial available
- No
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at ask@404team.com.
Tell them what format you need. It will help if you say what assistive technology you use.