Tricostar Software Ltd

CloudwareOne - Cloud Cost Compliance and Cost Management

CloudwareONE offers a single pane of glass view to help modern organisations manage and optimise their public cloud.
Reduce costs by 30%+, Gain insight to Security and Compliance challenges, Utilisation metrics to keep you workload optimised and save cost on Cloud Architects with CloudwareONE your Cloud Companion.






£500 per unit per month

Service documents

G-Cloud 11


Tricostar Software Ltd

James Lawler

01707 827 910

Service scope

Service scope
Software add-on or extension No
Cloud deployment model Public cloud
Service constraints No issues around support constraints. Support is done via email and answered within a 24 hour period.
System requirements
  • AWS we require readonly access via Cloudformation (JSON)
  • Azure we require API key to access readonly
  • GCP we require a service level account with readonly

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Within a 24 hour period
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support No
Web chat support No
Onsite support Yes, at extra cost
Support levels We cover support at one level, it is inclusive of the overall price and as we are not a business critical application support within 24 hours has been more then enough for our customers
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started Jump start includes training of staff on how to best use CloudwareONE. This will be include the following:
- Navigation of CloudwareONE
- Role Based Access Controls (RBAC)
- Alerting (Billing, Best Practices, Change Monitoring)
- How to setup Reports
- How to setup Dashboards
- Follow Session after 2 weeks
Service documentation Yes
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Word
  • Excel
End-of-contract data extraction No personal information is stored purely the extracted information from the public cloud provider. After the contract has ended the account is deleted and with it the customers cloud data.
End-of-contract process All is inclusive in the cost. Once the contract ends if they customer does not cancel we will automatically renew unless termination of the contract has been action.

Using the service

Using the service
Web browser interface Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install No
Designed for use on mobile devices Yes
Differences between the mobile and desktop service No differences to mobile and desktop service
What users can and can't do using the API API key can be provided
API documentation Yes
API documentation formats
  • HTML
  • PDF
  • Other
API sandbox or test environment No
Customisation available No


Independence of resources We autoscale our service so that users are not affected as additional users are added. We also use microservices to decouple user environments providing additional scaling and resilience.


Service usage metrics Yes
Metrics types We provide actionable insights and detail multiple public cloud metrics.
Reporting types Regular reports


Supplier type Reseller providing extra features and support
Organisation whose services are being resold

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • Other locations
User control over data storage and processing locations No
Datacentre security standards Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency At least every 6 months
Penetration testing approach ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data importing and exporting
Data export approach This can be done via csv or pdf
Data export formats
  • CSV
  • Other
Other data export formats PDF
Data import formats
  • CSV
  • Other
Other data import formats Pdf

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks Private network or public sector network
Data protection within supplier network TLS (version 1.2 or above)

Availability and resilience

Availability and resilience
Guaranteed availability AWS guarantee that Apps running in a customer subscription will be available 99.95% of the time. As CloudwareONE is not a mission critical solution this does not cause any detrimental issues to the customer nor operations.
Approach to resilience We use AWS global AZ's and have full resilience. Further details on this can be provide on request.
Outage reporting We provide email alerts and a public dashboard

Identity and authentication

Identity and authentication
User authentication needed Yes
User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Access restrictions in management interfaces and support channels Access is controlled completely user authentication and RBAC is used and set within CloudwareONE. If a user is no longer within the business a support request by email can be submitted to remove the user. This is within the audit trail and can be shown to customers for GDPR that the user is no longer active within the platform.
Access restriction testing frequency At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password

Audit information for users

Audit information for users
Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for At least 12 months
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for At least 12 months
How long system logs are stored for At least 12 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 QMS
ISO/IEC 27001 accreditation date 24/04/2019
What the ISO/IEC 27001 doesn’t cover Nothing
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • We can provide Tricostar consultants with the following:
  • OSCP (Offensive Security Certified Professional)
  • Certified Ethical Hacking (CEH)
  • EC-Councils Certified Security Analyst (ECSA)
  • Licensed Penetration Tester (Master) Certifications
  • Certified Information Systems Security Professional (CISSP) (in progress at 17Apr2019)

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes We follow ISO9001 and ISO27001

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach All software is version controlled within a repository for distributed version control and source code management. Test cycles include System, Unit, Integration and public cloud best practices check list
Vulnerability management type Supplier-defined controls
Vulnerability management approach A number of methods are used to monitor and assess threats: 1. Alert notifications are sent by CloudwareONE to our support team where irregular activity has been detected e.g. unusual IP address - 2. Unusual activity is immediately investigated and verified as a threat or a known location and blocked or permitted 3. Security patches are automatically applied by CloudwareONE. CloudwareONE provides information regarding unknown IP addresses 5. Failed access attempts are tracked by the software and alerted to the support team where an unusual number of attempts are detected
Protective monitoring type Supplier-defined controls
Protective monitoring approach A number of methods are used to monitor and assess threats: 1. Audit trail of IP addresses and users that have accessed the service are tracked and checked weekly by our support team unless CloudwareONE is sent an interim alert 2. User activity is tracked by the system in both database per user events and also in audit logs - checked daily 3. Unusual activity is immediately investigated and verified as a threat or a known location and blocked or permitted 4. Immediate response on detection of issue
Incident management type Supplier-defined controls
Incident management approach Incident management is by the following workflow: 1. Detection and recording 2. Classification, initial support and communication to management & client 3. Investigation and initial diagnosis and communication to management & client 4. Resolution and Recovery and communication to management & client 5. Escalation if not resolved and communication to management & client 6. 7. Closure once incident has been deemed to have been resolved and communication to management & client

Secure development

Secure development
Approach to secure software development best practice Conforms to a recognised standard, but self-assessed

Public sector networks

Public sector networks
Connection to public sector networks No


Price £500 per unit per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial Access to CloudwareONE for a limited time PoC which we will work with you to ensure you obtain the best outcome and value.
Link to free trial

Service documents

pdf document: Pricing document pdf document: Service definition document pdf document: Terms and conditions
Service documents
Return to top ↑