Hayne Solutions Ltd

Hayne Cloud

A ‘fully managed’ Financial Planning and Management cloud solution from HAYNE comprising of dedicated cloud servers, storage, network capacity based on the Azure IaaS platform coupled with a complete FPM software solution – maintained, monitored and supported by a dedicated team of certified technical engineers at HAYNE.

Features

  • Fully managed service (support & operations)
  • Remote access
  • Realtime application monitoring
  • Realtime security monitoring
  • Financial Consolidation
  • Business Intelligence
  • Higly scalable

Benefits

  • Fully managed solution
  • End to End support
  • Proactive cost management
  • Enable the business to adapt quickly
  • Budgeting and planning that can be easily adapted
  • Forward-looking predictive and cognitive capability
  • Create timely, secure and reliable plans, budgets and forecasts
  • Automation of repetitive and low-value manual tasks
  • Detailed audit trail from ERP through adjustment journals

Pricing

£200 to £2000 per server per month

Service documents

G-Cloud 10

611885344583228

Hayne Solutions Ltd

Neil Whitmore

01789 868770

neil.whitmore@hayne.co

Service scope

Service scope
Service constraints Planned maintenance schedules are in place for essential server maintenance and patching. Typically these are out of hours and planned 12 months in advance.
System requirements
  • Internet access
  • Internet Browser
  • VPN endpoint device e.g perimeter firewall/router

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Typical response is 15 minutes, standard SLA is 1 hour. Bespoke SLAs are negotiable.

Out of hours and weekend support are not standard but negotiable.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels As a fully managed solution end to end support is included, which covers the Cloud IaaS and the business applications via a single point of contact. Support is break fix and does not include consultancy or training requests.

An enhanced support level called "Assist+" is available in which bespoke options can be included e.g. extended hours, additional product support and requests.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started Most types of training are available, from one on one sessions, on-site or office based classroom sessions.

Product documentation is supplied and bespoke documentation is also available specific to the buyers solution.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction This process is dependent on the product set and buyer requirements, but typically the solutions are SQL driven.

At the end of the Contract the buyer has the option to take ownership of the solution or the solution can be decommissioned and copies of data provided.

In the case of SQL, typically a BAK or BACPAC would be given to the buyer via an encrypted file transfer.

Where possible we try to meet the requirements of the buyer rather than enforce our own process.
End-of-contract process At the end of a typical contract the buyer has three options:

1) rolling contract or negotiate new contract
2) solution is handed over to the buyer and ownership is transferred
3) solution is decommissioned and data handed over

These processes are included as part of the cost. If the buyer has specific requirements that are far beyond the standard process which consumes further resource then this may incur additional cost

Using the service

Using the service
Web browser interface Yes
Using the web interface The web interfaces are specific to the product set and combination of options and features that the buyer opts for as part of the solution, so there is no general answer.
Web interface accessibility standard None or don’t know
How the web interface is accessible This is dependent on the business issues that the solution is designed to address for the buyer and the overall requirements of the buyer around RBAC.
Web interface accessibility testing As a reseller we would not undertake this aspect of product development, we work with major vendors and it is expected this level of testing would be undertaken by the vendor.
API No
Command line interface No

Scaling

Scaling
Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources Each solution is dedicated to the buyer so users will not be competing for resources with other customers.

In terms of preventing one buyers user consuming all the resource or impacting on other users on the same solution, the system will be scoped for maximum user load based on the total number of concurrent users, in some instances auto-scaling can/will be used to address resource issues.
Usage notifications Yes
Usage reporting
  • Email
  • Other

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft, IBM, LucaNet, Tagetik

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations Yes
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least once a year
Penetration testing approach In-house
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Virtual Machines
  • Databases
  • Files
Backup controls Backups are part of the managed service, buyer involvement is not required.

If the buyer has a specific requirement to perform manual backups on-demand, this can be accommodated.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Availability and resilience
Guaranteed availability The Azure IaaS platform that is used for the HAYNE FPM solutions are backed by a 99% uptime SLA and in cases where the solution meets a specific requirement it is a 99.99% financially backed SLA.
Approach to resilience Every aspect of the Azure IaaS is highly resilient and fault tolerant with a minimum of N+1 for all components infrastructure components.

Data is replicated to at least 3 locations, so in the event of any major datacentre outage, servers can typically be brought back online with a reboot or in the event of a full DR situation, a recovery from backup.

The FPM software applications are however not fully fault tolerant due to the design of the solution relying on multiple data sources and software components.

Where possible HA features are enabled at the application level to reduce overall SPOF.
Outage reporting In most cases HAYNE will communicate directly with the buyer in the event of an outage either by email or phone or both depending on the severity of the outage.

HAYNE offer advanced service monitoring facilities specific to the customers solution, a website would be available to view the overall status of the solution and view historic availability and performance metrics.

In addition HAYNE use multiple monitoring solutions to proactively manage our customers solutions, so we expect to be proactive in alerting the customer to any issues in the first instance, in the event of a fault we would expect HAYNE to be the first point of contact.

Identity and authentication

Identity and authentication
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels RBAC is used and we follow the rule of least privilege for all users and systems. Where possible we deploy multi-factor authentication.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
Devices users manage the service through
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Less than 1 month
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for Between 1 month and 6 months
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified No
Security governance approach HAYNE follow industry best practice processes and use the ISO 27001 framework as our standard approach to security.

Due to operating a Cloud based service, security is at the forefront of what we do, it was also a deciding factor in why we adopted the Microsoft Azure platform to power our solution, due to the level of international security certifications and overall approach to security that Microsoft have.
Information security policies and processes We have an established and documented ISMS based on the ISO 27001 framework.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach HAYNE have an established change management process, all requests are managed through our IT ticketing and asset control system.

Change requests are used for any change that impacts a live system and which introduces risk.

The level of risk is assessed and if approved is signed off by the ISO

In cases where the change impacts an internet facing system, further checks are performed along with post implementation penetration checks (in-house).
Vulnerability management type Supplier-defined controls
Vulnerability management approach Real-time monitoring and vulnerability assessment is performed. HAYNE have a comprehensive operational checklist which is signed off each day to ensure critical checks are performed.

The main focus of our operational checks and real-time monitoring is around several key areas of security and availability:

Identity and Access Control (Failed logons, locked accounts)
Update Compliance (Security Patching)
Threat Intelligence (Network behavioural analysis)
Common Configuration Enumeration (CCE)
Backup & Recovery

We constantly review and respond to the assessments and where applicable implement controls.

HAYNE have a planned maintenance schedule for patching and related activities. Imminent threat or risk we deploy patches a.s.a.p.
Protective monitoring type Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach The Azure platform which HAYNE utilises is compliant with CSA/CCM as well as many other international standards.

Specifically for the way HAYNE manages the solution, we use the security monitoring tools provided by Microsoft to monitor all security activity. HAYNE have developed security dashboards to allow HAYNE to focus on critical areas of customer solutions.

HAYNE have multiple alerts in place to inform technical staff of threats (email & SMS) for out of hours issues.
Incident management type Supplier-defined controls
Incident management approach Predefined incident response policies and processes are in place, while HAYNE is not certified, we follow the ISO 27001 framework for incident management. All customer incidents are logged and tracked on our support system.

With regard to the Azure platform, this is ISO 27001 compliant, should an incident affect that aspect of the solution Microsoft would follow their policies and processes.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Third-party
Third-party virtualisation provider Microsoft Azure
How shared infrastructure is kept separate •Authentication: An Azure AD tenant is logically isolated using security boundaries
•Compute: Standalone virtual machines do not have access to a physical host server, this isolation is enforced by using physical processor (ring-0/ring-3) privilege levels.
•VM placement algorithm & protection from side channel attacks. Rules Configured by Fabric Controller Agent to Isolate VM
•VLAN Isolation
•Logical Isolation Between Compute and Storage
•IP Level Storage Isolation
•Encryption in transit
•Encryption at rest
•Isolation through Network Topology

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £200 to £2000 per server per month
Discount for educational organisations No
Free trial available No

Documents

Documents
Pricing document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑