Digital Craftsmen Limited

Managed Cloud Hosting

Digital Craftsmen provide a managed support layer along with your choice of major public cloud vendors across Amazon Web Services, Microsoft Azure, Google Cloud Platform and others to offer public sector buyers complete peace of mind with their cloud infrastructure.

Features

  • Your choice of cloud provider - DCL, AWS, Azure, GCP
  • Tailored procurement or financing solutions
  • Fixed price contracts available using credits
  • Incident management, on-hand support, rapid deployment
  • ISO 27001 and Cyber Essentials Plus accredited
  • Scalable, secure and redundant infrastructure
  • Data can be hosted securely in the UK region
  • One bill to pay - support and infrastructure together
  • Proactive monitoring for critical application workloads
  • Proven track record with public sector projects

Benefits

  • Flexible cloud hosting managed by a team of certified engineers
  • A range of procurement models to support your buyer needs
  • Deployment planning workshops to help you define the requirement
  • Pay-as-you-go and fixed price models supported (Reserved Instances)
  • 24/7 support available for mission-critical applications
  • Security, intrusion detection, firewall and encryption supported
  • Helping your department or project to remain GDPR compliant
  • Suitable for any website, application or database needs
  • Establish hybrid or multi-cloud solutions where needed
  • Additional discounts available for public sector customers

Pricing

£95 to £245 a virtual machine a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simons@digitalcraftsmen.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 1 6 4 4 1 2 3 9 9 0 9 9 0 8

Contact

Digital Craftsmen Limited Simon Stewart
Telephone: 020 3745 7706
Email: simons@digitalcraftsmen.com

Service scope

Service constraints
Support package must be included with any infrastructure with the appropriately selected Service Level Agreement e.g. Critical.

Digital Craftsmen will provide a minimum of 24 hours' notice for any planned maintenance necessary to safeguard the integrity of any systems or applications we are hosting on behalf of public sector buyers.
System requirements
  • Choice of Operating System (Linux, Windows, RHEL, etc.)
  • Estimated RAM, CPU and Storage required
  • Unlimited Virtual Machines or Instances
  • Choice of Region or Availability Zones
  • Firewall with up to date ACL recommended
  • Essential, Growth or Critical Support Packages

User support

Email or online ticketing support
Email or online ticketing
Support response times
1) Major & Critical Support - 24/7
2) Critical Support - 24/7
3) Business Hours - Monday to Friday, 09:00 - 17:00
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
Chat client compliance with WCAG 2.0 standards. Chatbox is navigable by keyboard using screen reader software.
Onsite support
Yes, at extra cost
Support levels
Tier 1 - Response to requests during normal business hours in the event of a disruption including daily backups of your data. This service also includes standard security including basic monitoring and capacity reporting. Services on the level of office productivity tools, required for business to operate.

Tier 2 - Incorporating all the benefits of our Essential package, plus 24/7 critical support and resiliency designed to minimise any reasonable risk. Advanced monitoring to provide hardened security to defend your website against defacement and hacks. A target of 99.9% uptime to keep your site up and running. Rollback from 12 to 24 hours with a smooth recovery. Including incident reporting and configuration setup and management. Contributing to efficient business operation but out of direct line of service to customer.

Tier 3 - In addition to all Tier 2 services: business service monitoring, project management, and a disaster recovery time measured in minutes. A proactive role taken in preparing your business for the future, including designing business processes focused on protecting your data. A mission critical service that requires continuous availability.

Management Procedures, Email, Database Administration, Monitoring, Troubleshooting, Security, Configuration, Change Management, Domain Management, Backup, Migration, Application Management
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Typically, we start with a Discovery Workshop where we are able to accurately scope and define your technical requirements. Once your cloud infrastructure environment has been defined and made available to the customer we are happy to provide remote or on-site training with accurate documentation for our users. We typically operate the infrastructure on behalf of our public sector customers and provide access to the applications or development environments they require for their use case.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Public sector customers remain in control of their own data. Upon termination of the contract, the data may be transferred to a storage medium best suited to the customer or downloaded on request (depending on the type of data and the storage size requirements). It may also be appropriate to use long-term data archiving which we offer.
End-of-contract process
At the end of the contract, a customer handover document is provided with any necessary migration recommendations to a new provider or a shut-down workflow if the project is complete and the infrastructure no longer needed. A ticket would be opened and our support team would work with the public sector buyer closely to ensure that any data is preserved and returned in accordance with this agreement.

Using the service

Web browser interface
Yes
Using the web interface
Customers can log tickets and view progress.
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
Available with screen reader and supports accessibility options.
API
Yes
What users can and can't do using the API
Programmatically using Chef, Puppet, Automator and other tools to access web services across AWS, Azure or GCP. API access is managed on behalf of the client where the supplier has direct API access to the hosting environment which can be exposed as necessary to clients. API available for Request Tracker where internal ticketing system integration is required - available upon request.
API automation tools
  • Ansible
  • Chef
  • Terraform
  • Puppet
  • Other
Other API automation tools
  • AWS CloudFormation
  • Azure Blueprints
API documentation
Yes
API documentation formats
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • Other
Using the command line interface
SSH access available or other CLI tools operated on behalf of the client. Access to infrastructure made available to developers or other systems administrators upon request.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Dedicated hosts are available for each client and users may define the tenancy for their applications. Where managing customers on public cloud providers such as AWS or Azure, capacity management and separation of hosts is managed by the vendor. In private/hybrid cloud environment, zero contention maintained by Digital Craftsmen on our infrastructure.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Amazon Web Services, Microsoft Azure, Google Cloud Platform

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Databases
  • Virtual Machines
  • Websites
  • Objects
  • Containers
  • Files / File Stores
  • Applications
  • Other
Backup controls
Users are provided with backup, replication and disaster recovery options at the time of onboarding to define what level of redundancy they require. Users may increase or decrease the frequency e.g. from hourly to weekly of their backup cycles in line with it's Recovery Point Objective.
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.99% network uptime guarantee on our private cloud and response times to incident response guaranteed with service credits available in the unlikely event of us failing to meet SLA requirements.

For priority support:
Standard - 2 hours
Major - 1 hour
Critical - 30 minutes
Approach to resilience
Private cloud has no single point of failure. Additional measures for redundancy and business continuity provided as part of our standard service. Additional information available upon request.
Outage reporting
A public dashboard, email alerts and Slack notifications.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Customers will be provided with a username and password to access support channels through Request Tracker (encrypted with TLS).

Management interfaces only accessible via VPN connection.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
QMS
ISO/IEC 27001 accreditation date
30/01/2018
What the ISO/IEC 27001 doesn’t cover
- Third party client infrastructure not directly covered e.g. a customer's third party appliances or servers in our datacentre
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • Cyber Essentials Plus
  • Complying with PCI-DSS standards
  • Certifications from AWS or Azure available directly from vendors

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • ISO/IEC 27001
  • Other
Other security governance standards
Cyber Essentials Plus
ISO 27001:2013
Information security policies and processes
- Digital Craftsmen operates an Information Security Management System (ISMS) in accordance with ISO 27001.
- All staff are cleared with background checks and criminal background checks with their employment history and proof of identity above Baseline Personnel Security Standards (BPSS clearance).
- Only designated systems administrators have secure access to client environments with identify and access management tightly controlled.
- Regular security audits are performed by our technical team, including penetration testing, intrusion detection, firewall updates, anti-virus, encryption, patching and additional IT security measures.
- Digital Craftsmen operates an Information Security Forum at which vulnerabilities, security incidents and other threats are monitored and subsequently addressed in accordance with out ISMS policies.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Capacity Reporting - Service and resource usage and performance Reported on in monthly reviews
Change Management - To ensure that standardised methods and procedures are used for efficient and prompt handling of all changes, in order to minimise the impact of change-related incidents upon service quality All non-standard changes are follow the Change Management Procedure and are reported on fully.
Capacity Planning - Gives different scenarios for predicted business demand and offers costed options for delivering the service-level targets specified
Collect, analyse and propose a capacity improvement plan directed by: capacity shortages, forecast, adjustment, reserves and monitoring.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Secure VPN - Adding security and privacy to private networks and the sharing of data over public networks. VPN Access can be restricted using firewall rules dependent on your requirements.

Managed Firewall - Managed firewall services based on a hardened Linux image running IP Tables. Initial access is limited to only web traffic and any changes to firewalls are strictly controlled by your approved authorisers.
Clustered HA configured firewalls are also available for near-zero downtime demands.

Additional Processes
Operating System Patching, Middleware Patching, Anti-virus, User management, Access control across multiple platforms and applications
Certificate/ Key Management Deployment Directory Services.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Depending on Essential, Managed or Critical Support SLA.

1 - High
- All users of a specific service
- Personnel from multiple agencies are affected
- Public facing service is unavailable
- Any item listed in the Crisis Response tables

2 - Medium
- Multiple personnel in one physical location
- Degraded Service Levels but not processing within SLA constraints or able to perform only minimum level of service
- It appears cause of incident falls across multiple functional areas"

3 - Low
- One or two personnel
- Degraded Service Levels but still processing within SLA constraints
Incident management type
Supplier-defined controls
Incident management approach
Incident reporting - Incidents can be investigated and reported on through a post-incident report. The service desk assigns a category and priority to service requests in accordance with the SLA, providing a measurable and consistent service.

Incident Triage - Conduct investigation of alerts and reported incidents to determine cause. Escalate to client or internal team as appropriate

Incident Resolution - Own resolution of incident and restoration of service

Problem management - Ownership of recurrent incidents to identify and rectify root cause

Severity/impact; defined by SLA: response within 2 hours to 30 minutes, resolution of 4 or 8 hours respectively.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
Customers are separated by VLAN. Multiple firewall levels. Customers may request their own tenancy options e.g. dedicated hosts.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Information available upon request.

Pricing

Price
£95 to £245 a virtual machine a month
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Proof of Concept and Limited Time Trials available.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at simons@digitalcraftsmen.com. Tell them what format you need. It will help if you say what assistive technology you use.