IDE Group Manage Ltd

IDE Group Cloud Storage Service

IDE Group Cloud Storage Service provides a flexible pool of compute power and storage capacity and is ideal for private and UK Government Unclassified data. Operating from our highly resilient, TIA-942 Tier 3, UK-sovereign data centres, the service can scale as required and includes 24x7 access to our help desk.

Features

  • Proven and established deployment processes support Rapid On-boarding and Off-boarding
  • Hybrid Cloud services provides most cost effective solutions
  • Built-in, enterprise class, redundancy across data centres
  • ISO20000 and ITILv3 service Management aligned with pro-active monitoring
  • Accreditations/Certifications include ISO27001
  • Highly resilient infrastructure with no single point of failure

Benefits

  • Hybrid Cloud aligns requirements to lowest cost service delivery
  • Rapid on-boarding and off-boarding
  • Decreased deployment time for new resources and pre-built images
  • Protected customer data via high redundancy levels and stringent security
  • Optimum availability underpinned by ‘no single point of failure’ infrastructure

Pricing

£185.64 per server per month

  • Free trial available

Service documents

G-Cloud 9

714140563900579

IDE Group Manage Ltd

John Hawthorne

07817825082

john.hawthorne@idegroup.com

Service scope

Service scope
Service constraints Scheduled maintenance will take place outside of the normal working hours of Monday-Friday 08:30-18:00. Planned maintenance downtime will be advertised in advance, and outside of these windows the service will be available for use 24x7. Customers may not refuse planned works that are required by IDE Group to ensure the integrity, supportability, security, performance or availability of any infrastructure available to or used by you or any other customer.
System requirements
  • Systems must be hosted in a IDE Group data centre
  • Must support fibre channel or ISCSI

User support

User support
Email or online ticketing support Email or online ticketing
Support response times 30 minutes
User can manage status and priority of support tickets Yes
Online ticketing support accessibility None or don’t know
Phone support Yes
Phone support availability 24 hours, 7 days a week
Web chat support No
Onsite support Yes, at extra cost
Support levels We provide a single tier of support for this service. Support will be provided by our ISO20000-certified, ITIL v3 aligned UK-based service desk. Each account will have a named service manager, responsible for contract establishment, day to day operational relationship and service delivery. 24x7x365 support is included in the price. We can provide technical account managers or cloud engineers.
Support available to third parties Yes

Onboarding and offboarding

Onboarding and offboarding
Getting started We can provide onsite and online training and documentation.
Service documentation Yes
Documentation formats PDF
End-of-contract data extraction We extract any data on behalf of the client.
End-of-contract process At the end of the contract we extract your data and securely return it to you. We will agree a timetable with you and ensure that both parties are aware of their responsibilities during the handover.

Using the service

Using the service
Web browser interface No
API No
Command line interface No

Scaling

Scaling
Scaling available No
Independence of resources N/A
Usage notifications Yes
Usage reporting Email

Analytics

Analytics
Infrastructure or application metrics Yes
Metrics types Disk
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Resellers
Supplier type Not a reseller

Staff security

Staff security
Staff security clearance Other security clearance
Government security clearance Up to Developed Vetting (DV)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least every 6 months
Penetration testing approach Another external penetration testing organisation
Protecting data at rest Physical access control, complying with another standard
Data sanitisation process No
Equipment disposal approach Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Virtual machines
  • Databases
Backup controls Our engineers control the backups. User control may be possible, depending on the nature of the user's requirements.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Supplier controls the whole backup schedule
Backup recovery Users contact the support team

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability 99.99% availability. We provide service credits should we fail to meet our availability SLA.
Approach to resilience Available upon request.
Outage reporting We provide email alerts and emailed status updates from the service desk for the duration of any outage.

Identity and authentication

Identity and authentication
User authentication Username or password
Access restrictions in management interfaces and support channels We use usernames and passwords with strong passwords enforced.
Access restriction testing frequency At least every 6 months
Management access authentication Username or password
Devices users manage the service through
  • Dedicated device over multiple services or networks
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information You control when users can access audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information You control when users can access audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 Lloyds Register
ISO/IEC 27001 accreditation date 28/10/2016
What the ISO/IEC 27001 doesn’t cover Our entire service portfolio is covered.
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification Yes
Who accredited the PCI DSS certification Blackfoot Ltd
PCI DSS accreditation date 15/08/2016
What the PCI DSS doesn’t cover Any service lines not related to payment card transactions.
Other security accreditations No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance accreditation Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Our information security policies are mandated through our ISO27001 certification. At the corporate levels their compliance is monitored by our Quality Director, who reports into the executive board.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach We have a formal configuration change management process as part of our ISO27001-certified management system. Components are tracked by a dedicated third-line team. Changes are prioritised by the severity of the risk represented. Changes are assessed for security impact by our Change Advisory Board and only authorised changes will be implemented in the live system.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Our security specialists get information on potential threats from a range of sources, including specialist security bulletins. They assess various sources of information on sources of information relating to threat, vulnerability and exploitation techniques. We deploy patches as quickly as possible, with the highest priority patches applied first (based on potential impact of not patching). Threats are assessed by experienced security professionals and managed through our ISO27001-certified management system. Known vulnerabilities are tracked until mitigations have been deployed. Users are kept informed of any work in progress, as appropriate.
Protective monitoring type Supplier-defined controls
Protective monitoring approach We have a formal protective monitoring process. Our systems monitor for threats, weaknesses and malfunction and capture a wealthy of information on metrics related to these. We identify potential compromises by analysing the data collected for any potential problems. We respond to incidents in line with the SLA for that element of the service - a business-affecting incident has a lower response time than an incident affecting a single user, for example. Our monitoring system is covered by our ISO27001-certified management system.
Incident management type Supplier-defined controls
Incident management approach We have a formal incident management process, as part of our ISO20000 certification. It defines what to do in the event of an incident, who should do it and by when, based on the type and severity of incident. Users can report incidents by phone or email. We provide incident reports to affected parties by email bulletin, regularly updated during the course of the incident.

Secure development

Secure development
Approach to secure software development best practice Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes

Pricing

Pricing
Price £185.64 per server per month
Discount for educational organisations No
Free trial available Yes
Description of free trial Customers may opt to sign up for a 30-day trial period, free of charge.

Documents

Documents
Pricing document View uploaded document
Skills Framework for the Information Age rate card View uploaded document
Service definition document View uploaded document
Terms and conditions document View uploaded document
Return to top ↑