This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with 404Team Limited are still valid.
404Team Limited

servNet - Data Infrastructure For Education

Host applications in a secure cloud, providing, email and domain hosting, App and Desktop deployment wrapped around a 247 helpdesk with the options of adding SIMS (School Information Management Systems) as Desktop as a service

Features

  • Scalable usability
  • In the cloud
  • Security
  • PaaS
  • Citrix and Microsoft technology
  • Virtualised operating system with you applications and data
  • Enhanced desktop experience
  • Manged 247 support and management
  • Pay as you go
  • Use you own licences

Benefits

  • Add and remove users month to month
  • Access the data securely from anywhere
  • Data center with full resilience
  • Fully customisable
  • Seamlessly scale from 5 to thousands of users
  • Increased and enhanced flexibility and Mobility
  • Increased security but centrally delivered service
  • Streamlined key it process reducing management time
  • Work anytime anywhere across your devices
  • Per user pricing per month

Pricing

£15 a user a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ask@404team.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

5 9 5 3 1 2 8 1 9 5 9 1 1 7 6

Contact

404Team Limited Brett Loveday
Telephone: 07921 237 662
Email: ask@404team.com

Service scope

Service constraints
We would need to do a client service profile so we wound need to complete an Non-Disclosure Agreement in order to access the Client Data.
System requirements
Data connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard response times are within 15 minutes.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
All aspects of the visitor interface are customisable, therefore allowing any changes required. 2 of the 3 standard templates are W3C compliant and the solution has been tested by a representative from RNIB for use with the well-known screen readers. As the visitor interface is fully customisable, with access to the CSS and HTML, accessibility must be considered when customising/ changing the button/windows/forms.
Web chat accessibility testing
No testing has been completed.
Onsite support
Yes, at extra cost
Support levels
SLA's Start at 24/7/5 with a 15 min response and vary according to requirement.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A service profile will be created with the client and by using an onboarding process which entails visiting every user to migrate their setting and offering a floor walking service.
Service documentation
Yes
Documentation formats
  • ODF
  • PDF
End-of-contract data extraction
We provide the data on a encrypted device that the customer supplies and they own the encryption key.
End-of-contract process
We remove the client off the service and keep the data for 3 months and then the data is deleted 90 day termination notice.

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
Users have there own profile with a set amount of space allocated to them.
Usage notifications
No

Analytics

Infrastructure or application metrics
No

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Encryption of all physical media
  • Other
Other data at rest protection approach
Antivirus, only access is via encrypted connection email is securely filtered by an external mail filtering service all systems are backed up hourly against ransomware.
Data sanitisation process
No
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Profile
  • Virtual machines
  • Email
  • Data
Backup controls
Managed centrally by 404.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
Modified SSL Ciphers to achieve an A+ certification rating. Service is fully encrypted end to end via a relay and there is no direct connection.
Data protection within supplier network
Other
Other protection within supplier network
Via an anti-virus service, firewall and backups.

Availability and resilience

Guaranteed availability
99.9% on SLA.
Approach to resilience
Designed with single site resilience. All systems are duplicated with no single point of failure which is replicated daily to DR facility.
Outage reporting
We will call the client and alert the client via social media.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels
No Generic accounts. All named users have a User name and password and passcode token. Tiered access hierarchy based on job role and/or designated client.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Cloud security at 404 team is the highest priority. As an 404 team customer, you will benefit from a data centre and network architecture built to meet the requirements of the most security-sensitive organizations. Measures taken include but not limited to Anti-Virus, Anti-Phishing, Fusemail-Anispam, Anti-Ransomware, System is backed up hourly, Virtual Desktops are read-only, Client and Virtual desktop run Sophos suite antivirus with daily backend scans.
Information security policies and processes
We are currently working towards IS27001 and are using their suggested framework including policies & processes.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
404 Team utilises ITIL best practises to manage all changes, this includes RFS' Change Advise Boards and rigorous testing through our dev/pre-production environments with pre-defines test plans and roll back procedures. All changes are also logged within the helpdesk system and CMDB.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
404 team has a documented vulnerability management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources, which cover a significant proportion of 404 team asset population. For other systems and software, assigned personnel have responsibility for regularly reviewing technical forums and specialist groups to promptly identify and evaluate any emerging patches or updates which require our attention.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
404 team has a documented vulnerability management policy and process, which have been implemented, maintained and assessed in accordance with the guidance from ITIL v.3 and the current ISO20000 and ISO27001 standards. Where technically possible, real-time updates and status reports are identified and sourced from credible vendor sources, which cover a significant proportion of 404 team asset population. For other systems and software, assigned personnel have responsibility for regularly reviewing technical forums and specialist groups to promptly identify and evaluate any emerging patches or updates which require our attention.
Incident management type
Supplier-defined controls
Incident management approach
404 team has a documented incident management policy and process. This activity is responsible for the progression of alerts generated by automated monitoring systems, issues identified by 404 team personnel, and incidents identified and reported to 404 team by its customers and partners. All incidents are promptly reported into a central ticketing system, which ensures that each is promptly assigned to an appropriate resource, and its progress tracked (and escalated, as required) to resolution.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Citrix XenServer
How shared infrastructure is kept separate
Separate OU's that contain individual Group policies, separate DFS shares are permissioned so that only the client can view. The separate Citrix Farms are controlled by the AD groups, so that only certain OU's have access to the separate session servers.

Energy efficiency

Energy-efficient datacentres
Yes

Pricing

Price
£15 a user a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ask@404team.com. Tell them what format you need. It will help if you say what assistive technology you use.