Storm ID
Infrastructure as a Service
Azure delivers a 99.95% compute SLA and enables you to run solutions in the cloud. Azure provides built-in software patching, network load balancing and high-availability features. Azure offers 24x7 technical support with engineers constantly monitoring service health.
Features
- Highly available compute for Virtual Machines (VM)
- Infinitely-scalable from 1 to 100s of VM instances
- Built-in Virtual Networking, Load Balancing
- A wide range of compute machines capacities (CPU, RAM, disk).
- Load balance incoming traffic for high performance and availability.
- Data protection via auditing, restore and geo-replication
- Data protection via auditing, restore and geo-replication
- Multiple storage options for compute disc and data
Benefits
- Faster time to market
- Add or remove resources as your business demand fluctuates
- Increased scalability
- Align with DevOps, Agile development and Test Driven Development approaches
- Remove the operational overhead of managing your own infrastructure
- Improve the availability and uptime of your services
- Improve your organisation's disaster recovery and business continuity provision
- Pay only for the services that you consume
Pricing
£0.10 a virtual machine an hour
Service documents
Framework
G-Cloud 12
Service ID
6 9 1 1 0 4 8 9 1 2 1 3 9 5 5
Contact
Storm ID
Craig Turpie
Telephone: 0131 561 1250
Email: craig.turpie@stormid.com
Service scope
- Service constraints
- No service constraints.
- System requirements
- All system requirements are supported
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
-
Response times are categorised by service request priority: Urgent: 1 hour; High: 4 hours; Medium: 8 hours; Low: 16 hours.
Response times at weekends, public and bank holidays are negotiated separately. - User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Response times are categorised by service request priority: Urgent: 1 hour; High: 4 hours; Medium: 8 hours; Low: 16 hours.
P1 - Urgent: Complete loss of an entire service for all users or severe degradation resulting in inability to function;
P2 - High: Service functioning improperly resulting in some loss of service/system failure removing service from a number of users;
P3 - Medium: Service functioning at less than optimal performance/system problem impacting but not removing service, resolve minor bugs/site errors;
P4 - Low: Change requests.
Support services are tailored to each client and charges reflect the level of service required to support the service. Standard hourly rate is £105. A discounted rate of £95 can be had for bank of hours bought in advance.
Storm ID provide a Technical Account Manager backed up by a WebOps Team. Support can be accessed via an online ticketing system, email or phone. Enhanced support (outside office hours and at peak service use) is available optionally. Monitoring systems and alerts will be implemented with regular reports provided on service performance and support used. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
- Storm ID's Web Operations team will provide the appropriate documentation and knowledge to allow training on use of the Azure management portal that is used as part of this service.
- Service documentation
- No
- End-of-contract data extraction
- Providers will retain the data of the user after termination of the contract. for a period of 30 days. During this period users will still be able to access the service and retrieve the data.
- End-of-contract process
-
After you cancel the subscription, your access to Azure services and resources will end.
Before you cancel your subscription:
- We will back up your data. For example, if you're storing data in Azure storage or SQL, download a copy. If you have a virtual machine, save an image of it locally.
- Shut down your services and stop any running virtual machines, applications, or other services.
- Work with you to migrating your data.
Using the service
- Web browser interface
- No
- API
- No
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
- Automatic
- Independence of resources
- Virtualisation is used to ensure applications and users sharing the same infrastructure are kept apart.
- Usage notifications
- Yes
- Usage reporting
-
- SMS
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- Google Analytics
- Bespoke Event Tracking
- Reporting types
- Regular reports
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- EU-US Privacy Shield agreement locations
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
-
- Physical access control, complying with CSA CCM v3.0
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- In-house destruction process
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Automated Azure Web App Protection and Replication
- Automated Azure SQL database Protection and Replication
- Backup controls
- Backups are managed by the Storm ID Web Operations Team who will work with customers to define backup regimes.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Supplier controls the whole backup schedule
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Legacy SSL and TLS (under version 1.2)
Availability and resilience
- Guaranteed availability
- 99.99%
- Approach to resilience
- Microsoft Azure provides failover capability. More information available on request.
- Outage reporting
- Public dashboard, API, email alerts.
Identity and authentication
- User authentication
- Limited access network (for example PSN)
- Access restrictions in management interfaces and support channels
- Available on request
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
- 2-factor authentication
- Devices users manage the service through
- Dedicated device over multiple services or networks
Audit information for users
- Access to user activity audit information
- Users receive audit information on a regular basis
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- No
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials Plus
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- No
- Security governance approach
- Storm ID is working towards ISO/IEC 27001:2013 (ISO 27001).
- Information security policies and processes
-
Information is an asset that Storm ID has a duty and responsibility to protect.
Our information security management system (ISMS) sets our approach to managing information security and is approved by top management and communicated to employees, contractual third parties and agents.
Top management are committed to protecting the information that we store and process though good information security practices. To achieve this, and comply with regulations, we have established:
an information security policy
a commitment to customer focus and applicable regulatory requirements
information security objectives that are measurable and consistent with the information security policy
an ISMS describing our approach to information security
responsibilities, authorities and communication processes
a management review process
a process to ensure availability of resources
data access and security processes
a business continuity / incident management procedure
Top management believe that a commitment to information security is important in order to:
encourage information and cyber security awareness amongst employees, to develop and a ‘secure by design’ mindset
increase customer confidence, which helps build relationships with and retain customers
reduce our exposure to risk
effectively utilise our resources
Storm ID have Cyber Essentials Plus accreditation and are in the process of achieving compliance with ISO27001.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
Change management is employed to evaluate, control and minimise risk and cost, and maintain the established standards and quality criteria. Our change management process is incorporated into our ITIL-based continual improvement process, that encompasses business objectives, creates baselines, defines measurements, and plans and implements improvements. Our change controls:
establish the purpose, category and nature changes
determine the potential consequences of changes
assess resource requirements for the changes
We use configuration management to establish and maintain consistency in our software’s performance. This includes configuration management for:
Project/work management
Source control
Build/release pipelines
Packages and artefacts
Azure CSP tenancies, subscriptions and Infrastructure - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Storm ID apply our ISO13485 accredited Quality Management System processes, and Cyber Essentials Plus backed security best practices to the information and IT assets we handle, reducing risk associated with vulnerabilities by being able to identify, classify, prioritise, remediate and mitigate vulnerabilities. Vulnerability scans are run regularly to identify weaknesses in the configuration of systems and to determine if any are missing important patches or software. Remediation or mitigation is undertaken on any vulnerabilities identified according to the class and priority of the vulnerability.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
We use ‘always-on’ proactive and protective monitoring to:
monitor the software performance
systematically identify risks
detect software faults when they occur
quickly initiate necessary corrective actions
Our proactive monitoring involves collecting meaningful and practical information. To do this we use tools such as:
Azure App Insights
Azure Log Analytics
StatusCake
Performance analytics
Service reports
Helpdesk calls and tickets
Customer complaints and positive feedback - Incident management type
- Supplier-defined controls
- Incident management approach
-
Storm ID’s incident management process requires that all events and suspect events that could result in the actual or potential loss of data, breaches of confidentiality, unauthorised access or changes to systems, must be reported immediately to top management by email, telephone or in person.
Incidents are centrally recorded, and appropriate management measures, including escalation and notification procedures are in place.
Incident reporting procedures are included in employee training.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- No
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
Microsoft has signed up as a participant and an endorser of the EU code of conduct for datacenter efficiency.
Microsoft’s Azure cloud has been carbon-neutral since 2012. More than half of the energy it uses already comes from 1.6 gigawatts of wind, solar, and hydro-electric sources, and the company has announced that its cloud datacentres will be powered by 100 percent renewable energy sources by 2025.
Pricing
- Price
- £0.10 a virtual machine an hour
- Discount for educational organisations
- No
- Free trial available
- No