Intercity Technology Limited

Cloud Management Platform

Cloud Management Platform is one unified tool for managing private and public cloud virtualised environments to deliver modern IT Cloud Orchestration Services. Integrated with many best-of-breed apps and services, covering end-to-end requirements for setting up and overseeing analytics, governance, automation and production. Delivered from our dual British 24-hour operation centres.

Features

  • Operations - dashboard, reporting, analytics and guidance
  • Provisioning - creation and management of hosts and nodes
  • Infrastructure - organise groups of clouds, hosts and use roles
  • Backups - management using local storage or integrations
  • Logs - gauges, charts and system activities
  • Monitoring - type-specific system health checks
  • Services - cypher storage, archiving buckets, VM image build
  • Administration - create and manage users, pricing and policies
  • Analytics – rightsizing to reduce cost
  • Automation – faster provisioning

Benefits

  • Included with our private cloud compute
  • Manage hybrid cloud deployments
  • In-house Project Management team - APMP qualified
  • Governance – taking back control
  • Production – simplifying operations
  • ISO27001:Information Security Management Accredited
  • Cyber Essential Plus Certified
  • ISO22301:Business Continuity Accredited
  • Helpdesk, 24 hours, 7 days a week
  • NPS score +50:High customer satisfaction

Pricing

£0.30 a server a day

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@intercity.technology. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

6 5 6 3 9 4 3 3 8 8 1 4 6 8 7

Contact

Intercity Technology Limited Elise Sheridon
Telephone: 0330 332 7933
Email: tenders@intercity.technology

Service scope

Service constraints
Provided using Morpheus (supplier Morpheus Data).
System requirements
None

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support available 24x7x365 via our Network-Operations-Centre. Emails have a 2hour response target.

For high severity incidents escalation by telephone is advised to customers, Calls answered by a human in 30seconds (PCA30).

Customer portal uses prioritisation system determining 'First-Response-SLA', 'Update-SLA' and 'Resolution-SLA' times targeted.

P1 (highest priority/most severe/service down') have 30minute 'First-Response-SLA' target, hourly updates (Update-SLA) and a target resolution of 4hours for service restoration (Resolution-SLA).

Ticket Priorities are graded 1 to 4 - (TicketPriority/First-Response-SLA/Resolution-SLA)

P1-30minutes-4hour
P2-60minutes-8hour
P3-2hour-24hour
P4-4hour-48hour

We also provide a faster 15minute first response SLA for an uplift in cost.

Portal can support 'manual' accessibility via web-coding interface
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
No
Support levels
Support hours are 24x7x365.
 
Support is included within the service and is provided by our 24x7x365 Network Operations Centre, providing end-to-end service support
 
* Engineering Tiers 1 and 2 are provided 24x7x365
* Engineering Tier 3 provided 7am - 7pm, Monday - Friday (Extended Business Hours)
* Engineering Tier 4 (Operations Specialist) provided 9:00am - 5:30pm, Monday - Friday.
* Tiers 3 and 4 provide 'Out-of-Hours' support escalations via an on-call rota
 
Full vendor/manufacturer support is in place for platform/infrastructure issues to ensure service availability
 
Support tickets are prioritised using the following scale:

* P1 - critical
* P2 - major
* P3 - minor
* P4 - notable

Our SLA depends on the incident priority as follows:

* P1 - 4 hours
* P2 - 8 hours
* P3 - 24 hours
* P4 - 48 hours

Support is included in the cost. We do not provide a technical account manager or cloud support engineer.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide your administrator with credentials to access the Cloud Management Platform. User documentation is provided. Onsite training is available directly from Morpheus Data UK-based resource.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
The user's Cloud Management Platform tenancy is deleted. This removes all their data from the system.
End-of-contract process
The service includes the off-boarding of client data, client related documentation, and client connectivity.

Using the service

Web browser interface
Yes
Using the web interface
Manage private and public cloud as well as virtualised on-premises environments. Access to over 80 apps and services. Setup and oversee analytics, governance, DevOps automation and production lifecycles.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Login via our One Portal service management tool to access the Cloud Management Platform.
Web interface accessibility testing
None
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
Independence of resources, guaranteed performance levels, and scaling are based on defined criteria.

The platform and infrastructure that deliver the service is fully monitored, managed and maintained by our UK-Based 24x7x365 Secure Operations Centre, (ISOC) which is distributed across two sites giving true high availability and disaster recovery capability to the support function, using our own Service Management System. The ISOC, which is also responsible for managing life-critical health and transport public safety systems, operates in accordance with ITIL best practice.

Any performance or service related issues are dealt with and remedied by these operational service assurance teams.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Availability
  • Incidents
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Back-up services are based on defined client criteria
  • Virtual Machines (VMs), Physical servers and Workstations
  • VM backups are stored as images
  • Physical machine backups are stored as file structures
Backup controls
Back-up services are based on defined client criteria. Targeted items to be backed up and when they are scheduled is configurable and controlled by the client.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
Clients can contract to different service and availability levels based upon their requirements.

As a general rule, target availability for the platform is 99.95% (including planned maintenance) over a rolling 12-month period. We achieve this by delivering service from a platform configured in active/standby mode, comprising nodes located in geographically-diverse data centres designed and built to Tier 3 specification.

Each data centre has 99.98% availability, so the likelihood of total loss of both is remote.

Service levels include contracted availability with commercial penalties.

The process to refund users is agreed with the client at contract outset
Approach to resilience
A combination of resilience is deployed across software, hardware and datacentre layers is employed.

Target availability for the platform (software/hardware) is 99.95% (including planned maintenance) over a rolling 12-month period. We achieve this by delivering service from a platform configured in active/standby mode, comprising nodes located in geographically-diverse data centres designed and built to Tier 3 specification.

Tier 3 specification gives our customers N+1 redundancy as well as concurrent maintainability for all power and cooling components and distribution systems.

Each data centre has a target availability of 99.982%, so the likelihood of total loss of both is remote.

Further detailed information on this can be found in the uploaded Service Description.
Outage reporting
The service is monitored 24x7x365 and any outages are recorded and investigated.

Our Service Assurance team monitors the production service 24x7x365 from our UK-based Intercity Secure Operations Centre (ISOC) using our own IT service management system. The ISOC, which is also responsible for managing life-critical health and transport public safety systems, operates in accordance with ITIL best practice.

Reactive incident reporting is available by phone at all times. We provide updates at a frequency to match incident severity. Incident priority is specified by agreement on a case-by-case basis between our first-line agent and the person who reports the Incident, based on its impact upon your organisation.

We provide a Service Level Agreement (SLA) backed up by an escalation plan and service credits for any Priority 1 Incidents that breach their SLA.

Any service outages (planned or otherwise) are proactively reported to affected users by email and/or telephone. A service management portal is utilised to record faults and service interruptions.

Identity and authentication

User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Other user authentication
Authentication is based on defined client criteria.

They will connect via a dedicated secure and encrypted VPN configured specifically to provide access to the services they have subscribed too.

They will authenticate using dual factor authentication which requires a valid userID, plus a password and a time synchronised token. The token can be hardware or software based, and will be synchronised to their account providing a Time-Based One-Time password (TOTP) security to the account.

This ensure that only a valid, predefined user can access their service portfolio.
Access restrictions in management interfaces and support channels
All management interfaces are isolated on dedicated equipment and accessible only from a secure operations centre. All support activity is also isolated to the operations centre.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ISOQAR Limited
ISO/IEC 27001 accreditation date
29 September 2016
What the ISO/IEC 27001 doesn’t cover
Intercity has no exclusions to ISO/IEC27001.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials PLUS Certification

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Intercitys Head of Governance and Assurance reports directly into the Board and is responsible for managing Intercity's fully integrated management system with includes ISMS, QMS, BCM, SMS and EMS.

Intercity is committed to ensure the Confidentiality, Integrity and Availability of all systems and the data that resides within them. Core to the principles is compliance to ISO27001 which provides a sound basis for our security policies and managing risk to information assets.

A schedule of both internal and external audits is in place along with a program of continual improvement to ensure policies are appropriate to the requirement and that policies, processes and work instructions are being followed. Key objectives and KPIs are tracked and monitored which are relevant to policy performance.

Policies which make up our ISMS include:

Information Security Policy;
Information Security Employee Handbook;
Physical and Environmental Security Policy;
Information Security Incident Management Policy;
Data Protection Policy;
Access Control Policy;
Computer Disposal Policy and Controlled Waste;
Information Classification & Control Procedure;
Cryptography Policy;
Emergency Preparedness and Response Policy;
Virus Protection Policy;
Internet Usage Policy;
Mobile Computing & Teleworking Policy;
Company Asset Usage Policy;
Whistleblowing Policy.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Configuration and Change Management is in accordance with and ITIL process and are included with the scope of our ISO27001 - Information Security and ISO20000-1 - Service Management certification.

This embeds a security impact assessment across all potential changes to the design of a service to ensure customer data and assets are protected, and any changes that are approved by the Change Advisory Board, and implemented by our operational support teams do not introduce security risk or vulnerability into the service
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Vulnerability Management and Patch Management Policy's are included within the scope of ISO27001 certification and ensure compliance.

We have automated notifications from key vendors for security vulnerability alerts.

Notifications are assessed by our 24x7x365 Secure Operations Centre (ISOC). If considered high risk are reviewed by an Operations Specialist. If the risk category is agreed then the risk will be addressed via an Emergency Change including communication to affected customers. Target SLA is 4 hours

If graded as a low risk, a normal maintenance window will be agreed and planned. These are flexibly scheduled around customer requirements.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Protective monitoring is in accordance with ISO27001 certification

Our Cloud Security product provides content-level inspection, bringing intelligence to detect, log and quarantine known and zero-day attacks, as well as providing traditional next-generation firewall protection (ports/protocols/IP addresses)

The service is fully monitored, and managed by our UK-Based 24x7x365 Secure Operations Centre, (ISOC). The ISOC, which is also responsible for managing life-critical health and transport public safety systems, operates in accordance with ITIL best practice.

All security incidents have a P1 priority which has a 30 minute response, and 4 hour target fix.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Incident management follows an ITIL Process and is included within our scope of ISO27001 & ISO2000:1 certification.

The incident management lifecycle is delivered using our own service management system. Our in-house developed monitoring system (ServiceAlert®) integrates into our middleware automation platform and our ticketing system to process and filter data to ensure accurate fault reporting and service health, and effective management of the service.

Customers receive status information at regular, predefined intervals based upon incident priority. If the customer takes a managed service from us, they receive automated monthly activity reports containing service performance data.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Third-party
Third-party virtualisation provider
Morpheus Data
How shared infrastructure is kept separate
Morpheus is a multi-tenant solution providing secure segregation of clients' data, between separate security zones and between separate clients. The platform is accessible via private network connections, secure public services networks and the internet.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Intercity’s data centres are complaint to ISO27001 – Information Security, ISO14001 – Environmental Management as well as being aligned to IL3 specifications. Intercity has not yet signed up to the voluntary EU code of conduct for energy-efficiency and so is unable to confirm compliance however, Intercity does have an environmental management policy in place which includes an energy efficiency initiative and are looking into signing up to the adherence of the EU code of conduct for energy-efficiency.

Pricing

Price
£0.30 a server a day
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@intercity.technology. Tell them what format you need. It will help if you say what assistive technology you use.