Managed AWS IoT Services
Please see our website for an overview of our IoT services - https://www.ans.co.uk/what-we-do/advanced-services/ANS The platform connects devices easily and securely, interacting with cloud applications and other devices. AWS IoT can support billions of devices and trillions of messages, processing and routing messages to AWS endpoints and other devices reliably and securely.
https://aws.amazon.com/iot/
Features
- Rapid set up
- scalable IoT device connectivity (Millions)
- multiple protocol support
- reliable bi-directional communications
- IoT security embedded end to end
- gateway to advanced cloud functions (ML & AI)
Benefits
- IoT Device Scalability
- Easy IoT device provisioning
- End to End management
- public sector solution templates
- pay as you go pricing matrix
Pricing
£5,000 to £250,000 a unit
- Education pricing available
Framework
G-Cloud 10
Service ID
715621496937236
Contact
ANS Group
Anthony Maxwell
Telephone: +44 (0) 1612271000
Email: tenders@ansgroup.co.uk
Service scope
- Service constraints
- There are no restrictions to the IoT services provided by the platform from a protocol, connectivity, scalability and management perspective
- System requirements
- N/A
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
-
Customers will be able to take advantage of industry leading certified engineers and experts on the end of the phone 24x7x365. The service desk is backed by ITIL aligned process and provides comprehensive Response SLAs from P1 to P5:
P1 - 30 Mins
P2 - 1 Hour
P3 - 4 Hours
P4 - 1 Day
P5 - 2 Days
All incidents are recorded in ANS’ Service Desk ITSM system under the Incident Management workflow. ANS records the name of the person reporting the incident, call time and any pertinent information, along with resolution criteria ensuring that the workflow is initiated correctly.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 24 hours, 7 days a week
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Integration with Microsoft Teams/Slack
- Web chat accessibility testing
- Though we do not conduct any formal testing with assistive technology users, we have selected both Teams and Slack due to the variety of communication methods that are integrated: text chat, voice and video.
- Onsite support
- Yes, at extra cost
- Support levels
-
Managed Support sees ANS take complete responsibility for the platform availability, to deliver a utility grade SLA. Managed support identifies more than 75% of all incidents proactively through our Enterprise Monitoring System, with each incident assessed and resolved without customer interaction.
ANS Managed Support provides access to ANS’ industry leading certified support engineers and experts on the end of the phone 24x7x365. The Enterprise Monitoring system will ensure the service is proactively managed and monitored on a 24x7x365 basis. The contract will be managed via the ANS GLASS portal, which is a customer facing portal for the management of the service.
ANS will provide a dedicated Service Manager from our specialist service management team over the term of the contract.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
ANS’ Cloud Start covers all technical aspects of the initial setup and configuration, and is delivered as a fixed price project under a single SKU. ANS endeavours to facilitate the extension of operational tooling and processes wherever possible to reduce the complexity of adoption, whilst designing all aspects to be secure, aligned to best practice and as financially efficient as possible. Effectively the Cloud Start service will provide the following business outcomes:
Best Practice Security Configuration across AWS & Azure – ensure the platform policies, network and identity model align to current security obligations and policies.
Operational Alignment and Hybrid Integration – extending where possible, all operational tooling, process and management services to enable simplified adoption and management of the platform.
Production Ready Platform – enabling you to begin using both Azure and AWS in confidence, knowing that the configuration is as financially efficient and as secure as possible.
- Service documentation
- Yes
- Documentation formats
-
- HTML
- ODF
- End-of-contract data extraction
-
ANS follows a Managed Service transition process to ensure smooth delivery of services into BAU from project phase. ANS’ customer on-boarding process is split into phases, outlined below:
On-Boarding Presentation - All the information the customer needs to know about the service
Customer Welcome Pack - Provides the customer with relevant documentation before going into BAU
On-Boarding Checklist - Internal document ensuring all on-boarding steps are completed before the solution goes live.
Providing an efficient and professional transition period is of the utmost importance. Customer on-boarding is the first introduction to the Managed Service and so needs to be carried out thoroughly.
ANS ensures all relevant documentation and personnel are made available to the customer to meet the on-boarding time scale. This is achievable due to ANS’ on-boarding process being a standardised process that all Managed Service customers go through after the award.
It is the responsibility of the Service Manager to distribute the checklist to the customer, assist with its completion, and have the checklist confirmed by the Service Desk Manager, to ensure technical implications of the checklist will be fulfilled.
- End-of-contract process
-
ANS will securely delete all customer information and configuration data within 3 months of the termination date by default. This can be amended to either shorten or extend the period upon request.
Where customer owned, managed infrastructure is held within the data centres used by ANS, a formal and complete exit plan is determined with the customer to ensure their hardware and data remains intact and disruption to the customer’s business is minimised during the transition process. The creation of this plan usually commences months before contracts are due to expire where the customer has decided to terminate. This overall approach is generally agreed in the contract to ensure both parties are aware of their responsibilities, along with the timescales for termination of service.
Using the service
- Web browser interface
- Yes
- Using the web interface
-
As part of the ANS Managed Support Service, customers will have access to the ANS GLASS Portal, which provides a single online interface to manage all support calls.
The GLASS portal has delegated access depending on role and allows for 24*7 access to customer Managed Support service for end to end service management.
ANS GLASS offers the ability for customers to view aspects of the catalogue via internet enabled devices and is optimised for phone/tablet viewing. The portal provides up to date information on services, the associated service levels and the status of any service requests, including the analyst’s progress, findings and current/next steps. The portal also offers an updated and efficient way for you to communicate any requests or notifications with ANS, allowing you to do the following:
• Log an Incident
• Submit a Change request
• View Incident & Change status
• Update & Close incidents & Changes
• Notify ANS of any scheduled maintenance
- Web interface accessibility standard
- None or don’t know
- How the web interface is accessible
-
The ANS GLASS Portal is a customer facing portal, which can be accessed in a number of ways for all types of customers dependent upon the needs.
The ANS GLASS Web Portal utilises the Bootstrap framework meaning that it is responsive and supports all modern browsers such as IE, Chrome, Firefox, Edge and Safari. It will also function using a mobile browser.
As GLASS is accessed using standard web browser software, web browsers themselves have native accessibility features built in to them. Equally, GLASS Mobile has been developed using Apple and Android user interface guidelines and the underlying operating systems with native accessibility capabilities built into the app.
- Web interface accessibility testing
-
Automated user interface testing is undertaken against the GLASS Mobile app during every release cycle, focused on the most popular iOS and Android smartphones for the UK market. A level of manual user interface testing is also completed against the GLASS mobile app.
During every release cycle, manual user interface testing is completed across all key areas of the GLASS Web Portal.
- API
- Yes
- What users can and can't do using the API
- The Customer will work with the development team to define the suitable APIs relevant to the services required
- API automation tools
-
- Ansible
- Chef
- OpenStack
- SaltStack
- Terraform
- Puppet
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- ODF
- Other
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
- Automatic
- Independence of resources
- This is done natively through the AWS Cloud Platform
- Usage notifications
- Yes
- Usage reporting
-
- Other
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
- Other
- Other metrics
-
- AWS resources: e.g. Amazon EC2/Amazon RDS DB instances, DynamoDB tables.
- Custom metrics generated by customers’ applications and services.
- Metrics associated with log files generated by the application
- Reporting types
- Real-time dashboards
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- AWS
Staff security
- Staff security clearance
- Conforms to BS7858:2012
- Government security clearance
- Up to Security Clearance (SC)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Managed by a third party
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
- Physical access control, complying with SSAE-16 / ISAE 3402
- Data sanitisation process
- Yes
- Data sanitisation type
-
- Explicit overwriting of storage before reallocation
- Deleted data can’t be directly accessed
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v3.0, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
- All Services within ANS IoT Cloud Service
- Backup controls
- Users control what backups are performed through the ANS GLASS Portal
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Other
- Other protection between networks
- ANS can customise the encryption depending on the customer's requirements via a service request
- Data protection within supplier network
-
- IPsec or TLS VPN gateway
- Other
- Other protection within supplier network
- It is either delivered via a private network with encrypted data or encrypted over an IPsec site-to-site VPN
Availability and resilience
- Guaranteed availability
-
AWS currently provides SLAs for several services. Due to the rapidly evolving nature of AWS’s product offerings, SLAs are best reviewed directly on our website via the links below:
• Amazon EC2 SLA: http://aws.amazon.com/ec2-sla/
• Amazon S3 SLA: http://aws.amazon.com/s3-sla
• Amazon CloudFront SLA: http://aws.amazon.com/cloudfront/sla/
• Amazon Route 53 SLA: http://aws.amazon.com/route53/sla/
• Amazon RDS SLA: http://aws.amazon.com/rds-sla/
• AWS Shield Advanced SLA: https://aws.amazon.com/shield/sla/
Well-architected solutions on AWS that leverage AWS Service SLAs and unique AWS capabilities, such as multiple Availability Zones, can ease the burden of achieving specific SLA requirements.
- Approach to resilience
-
The AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximizing the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions.
AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.
Customers are responsible for implementing contingency planning, training and testing for their systems hosted on AWS. AWS provides customers with the capability to implement a robust continuity plan, including the utilization of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
- Outage reporting
- Yes, through the ANS GLASS Portal and Service Management Process
Identity and authentication
- User authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
- Other
- Other user authentication
-
Access to management interfaces and support channels is given by roles and level of authority, which is governed and managed via ANS' ISO 27001 Security procedure. ANS confirms that no third parties have access to customer data.
Additionally, all ANS data centres are subject to contractual obligations governing confidentiality, integrity and service availability. Staff at the data centres do not have logical access to information or systems; this is managed exclusively by ANS. ANS staff are subject to strict confidentiality agreements as part of their contract of employment.
- Access restrictions in management interfaces and support channels
-
Access to management interfaces and support channels is given by roles and level of authority, which is governed and managed via ANS' ISO 27001 Security procedure. ANS confirms that no third parties have access to customer data.
Additionally, all ANS data centres are subject to contractual obligations governing confidentiality, integrity and service availability. Staff at the data centres do not have logical access to information or systems; this is managed exclusively by ANS. ANS staff are subject to strict confidentiality agreements as part of their contract of employment.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
- Devices users manage the service through
- Dedicated device on a segregated network (provider's own provision)
Audit information for users
- Access to user activity audit information
- You control when users can access audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- At least 12 months
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Alcumus ISOQAR
- ISO/IEC 27001 accreditation date
- June 2015 - re-certification audit w/c 21/05/2018
- What the ISO/IEC 27001 doesn’t cover
- Everything in scope
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- Yes
- Who accredited the PCI DSS certification
- NCC Group
- PCI DSS accreditation date
- 01/02/2017
- What the PCI DSS doesn’t cover
- Only Physical Security is within scope
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
-
- ISO/IEC 27001
- Other
- Other security governance standards
- ANS has a formal approach to security governance through its Information Security Management System, accredited as meeting the needs of ISO27001 with a full scope and no exceptions. The ISMS is part of an Integrated Management System bringing together ISO9001, ISO14001, ISO27001 and the Business Continuity Management System, accredited to ISO22301.
- Information security policies and processes
- All elements of ISO27001 are included and practised within ANS. We have a robust formal approach to Risk Management based on ISO27005, the risk treatment library being a hybrid of ISO27001/ISO27002, PCI-DSS, Cloud Security Alliance, and BITS (US Financial Services Sector).
Operational security
- Configuration and change management standard
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Configuration and change management approach
- ANS has deployed a service management framework based on ITIL best practice standards which includes problem and change management and configuration management. All changes are assessed for security impacts through a triage process and implemented according to priority levels P1-P5 and business needs.
- Vulnerability management type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Vulnerability management approach
- ANS has a vulnerability management process where all networks and infrastructures are scanned on a monthly basis to identify known vulnerabilities. The results are fed to the cyber security team for triage and prioritisation. Remediation is applied according to the priority through our ITIL based change management system; for example, if critical, then patches are deployed at the earliest opportunity to mitigate risk and disruption to services.
- Protective monitoring type
- Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
- Protective monitoring approach
-
ANS has deployed an automated protective monitoring system which monitors system logs and issues warnings about potential compromises. This is fed into the ANS Service Desk where incidents are prioritised and actioned according to agreed and defined service levels as below:
P1 - 30 Mins
P2 - 1 Hour
P3 - 4 Hours
P4 - 1 Day
P5 - 2 Days
- Incident management type
- Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
- Incident management approach
-
Incidents are recorded on ANS’ ITSM system. Main Service Desk hours are 09:00 – 17:30, Mon-Fri for low level incidents; our OOH service covers 24x7x365 support for P1 incidents and Emergency Changes. Incidents can be reported by phone, email and web portal.
Incidents undergo an impact assessment identifying common events. ANS determines users/systems affected and commercial impact to the customer’s environment. Once logged, incidents are assigned priority. Actions and updates are logged throughout the incident life-cycle with periodic updates to the originator.
Incident reports in the Service Review documents are sent or presented to customers, detailing the service metrics during a given period.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Third-party
- Third-party virtualisation provider
- AWS
- How shared infrastructure is kept separate
-
Customer environments are logically segregated, preventing users and customers from accessing unassigned resources. Customers maintain full control over their data access. Services which provide virtualized operational environments to customers, ensure that customers are segregated and prevent cross-tenant privilege escalation and information disclosure via hypervisors and instance isolation.
Different instances running on the same physical machine are isolated from each other via the Xen hypervisor. The Amazon EC2 firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface. All packets pass through this layer. The physical random-access memory (RAM) is separated using similar mechanisms.
Energy efficiency
- Energy-efficient datacentres
- Yes
Pricing
- Price
- £5,000 to £250,000 a unit
- Discount for educational organisations
- Yes
- Free trial available
- No