CTO Technologies Ltd

SolarWinds software licensing and renewals

Delivering our focused infrastructure services to the NHS and healthcare, we work in partnership with SolarWinds to offer licensing, renewals, initial discovery/readiness, solution design, migration/adoption, support/optimisation and management of their SolarWinds products, including HealthCheck and SmartStart consultancy services to help our clients get the most from their SolarWinds deployment.

Features

  • Network Performance Monitoring and Configuration Management
  • Server and Web Application Monitoring
  • Systems and Database Management
  • IT Security
  • IT Service Management
  • Application Management

Benefits

  • Industry leading suite of network and security management products
  • Build on Orion® Platform offering flexible deployment options
  • Affordable price point—so you get maximum value for money
  • Support critical infrastructure services
  • Reduce and eliminate downtime
  • Efficiently manage and optimise IT infrastructure performance
  • Free-up IT teams' resources
  • Transform from a 'Reactive' to 'Proactive' IT organisation
  • Installation support from experienced and qualified engineers

Pricing

£10.00 a unit

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.bishop@ctotechnologies.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 0 4 6 5 2 1 4 6 0 0 2 1 7 2

Contact

CTO Technologies Ltd Mark Bishop
Telephone: 0845 644 3830
Email: mark.bishop@ctotechnologies.co.uk

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
SolarWinds software can be used as a stand-alone SaaS or integrated into CTO Tech’s Security and Infrastructure Management services.
Cloud deployment model
Public cloud
Service constraints
N/A
System requirements
Subject to product requirements

User support

Email or online ticketing support
Email or online ticketing
Support response times
As defined by SLA
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
As defined by SLA
Support available to third parties
Yes

Onboarding and offboarding

Getting started
SolarWinds offer a range of support and training facilities provided to help new and existing users. These range from FOC on-demand training through to professional services offered remotely and onsite. Online support portals and customers community forums are also available.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Downloadable in CSV or PDF formats.
End-of-contract process
All customer data is removed and destroyed and access to the platform is revoked for all customer-approved users. VPN connectivity to the cloud is decommissioned.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Browser-based application, which will work on internet-enabled devices.
Service interface
Yes
Description of service interface
Web-hosted portals with tailored dashboard of key data, showing relevant summaries, interactive, customisable and with extensive drill-down capability.
Accessibility standards
None or don’t know
Description of accessibility
Access is through a web browser utilising TLS/SSL secure communication with standard accessibility options including display size of page elements (text, images, tables etc). Support is either via phone or email.
Accessibility testing
None or don’t know
API
Yes
What users can and can't do using the API
Users can easily integrate and automate the sharing of capabilities and data.
API documentation
Yes
API documentation formats
  • PDF
  • Other
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
SolarWinds software offers a wide capability to create, modify and save dashboards and reports that can be set up based on the requirement of a client. CTO Technologies staff are experienced to support such customisations.

Scaling

Independence of resources
Effective and automated capacity planning.

Analytics

Service usage metrics
Yes
Metrics types
Vulnerabilities, Assets, Criticality, Patch rates, Trends, Compliance trends, Number of elements, Number of transactions, CareCERTs etc
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
SolarWinds

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
Encryption of all physical media
Data sanitisation process
No
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
SolarWinds software has a built-in mechanism enabling users to export their own data from the dashboard throughout the duration of the contract and on contract end.
Data export formats
  • CSV
  • Other
Data import formats
  • CSV
  • Other

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
As defined by SLA
Approach to resilience
Information available on request
Outage reporting
As defined by SLA

Identity and authentication

User authentication needed
Yes
User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
When a user is set up, they are assigned a role, either a system default role or a bespoke one. Each role has a specific set of activities and permissions assigned. This is controlled by Admin User. The role of a user account can be changed or disabled at any time.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 6 months and 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
8/01/2018
What the ISO/IEC 27001 doesn’t cover
Further clarifications regarding the scope of the certificate and the applicability of requirements may be obtained by consulting the certifier.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • • ISO 9001:2015
  • • Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus
Information security policies and processes
We abide by an Information Security Policy and have rigorous induction and training methods which ensure policies are followed. We also follow a strict reporting structure ensuring that any areas of concern are highlighted as soon as possible. Violation, either automatically detected or manually detected will reach our technical department immediately from where the issue will be escalated accordingly.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Our change management policy is designed to meet NIST best practices. Not all systems require the same amount of development, testing, and approval. Changes to some systems are routine and represent little or no risk. To ensure reasonable processing time for routine maintenance and low risk change requests, and to ensure that more significant, higher impact changes receive the appropriate scrutiny and planning, the following types of changes have been established. These types have corresponding development, testing, and implementation requirements as well as specific approvals necessary to process.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats are assessed through Penetration Testing. Patches are deployed as soon as they are published by a vendor, during a maintenance window. Information on threats supplied by vendors.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Response are automated when possible. Otherwise, these are logged as security incident and responded to accordingly.
Incident management type
Supplier-defined controls
Incident management approach
Information Security Incident Management follows NIST frameworks, US-CERT guidelines and best practices. Notification will be made within 48 hours and not before the initial incident report, containing the basic facts, is completed. Notification will be sent to the data breach contact notification on file. Notification will be by email.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£10.00 a unit
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Free trials and Solution Demonstrations can be requested via CTO Technologies.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.bishop@ctotechnologies.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.