ROWLAND CHASE LTD

Rowland Chase Cloud Hosting Services

Rowland Chase Ltd(RCL) Cloud hosting and managed services enables the organisations to build their digital architecture into Cloud. We architect, design, build and support multi-cloud platforms and help our clients to migrate legacy systems, automate existing infrastructure and integrate multi-vendor platform. All are services meets UK Government practices and standards.

Features

• Infrastructure as a Code
• Cloud managed Services
• DevOps Services
• Test as Code & Test-Automation
• Enterprise Architecture Framework
• Software Development
• Project Management Services
• Strategy & Application Design Services
• Cost-Reduction & Risk-Mitigation Solutions
• On-Site and Remote Support

Benefits

• Reduced Maintenance and Operational Costs
• All managed services under one umbrella
• Custom solutions available as per requirements
• Accredited partner support with major cloud service provider
• Scalable and Flexible Service Model
• Supports all Open-Source/Enterprise Software Library
• Experienced and industry standard certified resources
• On/Off-Site support available on demand
• Experience working with public/private sector organisations
• Secured, reliable and highly available solutions

£300 to £1,100 a person

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@rowlandchase.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

733829110045865

Contact

Tanjil Kaushik
02037295965
info@rowlandchase.com

Service scope

• Service constraints: RCL customise services as per client needs and architecture. Every engagement is assessed for risk, availability, resourcing and security. We do engage with third parties for specific industry services.
• System requirements: System requirements will be specified during customer engagement

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: Working Days: Monday to Friday 9 am to 5 pm within 48 hours turn around time. ; ; Weekend working : on Demand and chargeable ( Charges to be agreed in advance).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 A
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: RCL provides standard support 9 AM to 5PM (UK time), Monday to Friday. We can have provide a technical account manager or cloud support engineer on request/need basis.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: RCL user engagement process includes online training and customized documentation as per client’s need. Specific onsite trainings can be made available upon request or agreed during initial engagement. ; ; Documents can be made available in the required formats through secured online portals on demand.; ; Additional on-boarding services/tools are also available upon requests.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: User can request for their data extraction when contract expires. We can provide data in the required format and user has option to choose multiple media type depending upon nature of data. Technical assistance can be requested from our support team.
• End-of-contract process: Upon reaching the end of contract RCL will support the user in data extraction and migration of services hosted on RCL’s dedicated platform. Required documentation and knowledge transfer will be arranged for users. Technical/Non-Technical assistance will be available from our support team upon request.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can interact with Web interface as per Role-based-access-model agreed during client engagement. User can make changes using Web Interface applicable to their role assigned. Privileged changes can be requested as per clients needs and will be delivered after successful assessment by our engineers.
• Web interface accessibility standard: WCAG 2.1 A
• Web interface accessibility testing: Web Interface for our clients are delivered as per requirements specified during engagement. All deliveries are subjected to standard testing procedures associated with assistive technology users. We work with third party assistive technology experts as per user need and demands.
• API: Yes
• What users can and can't do using the API: Users can set up services/integrations through the API as per Role-based-access-model agreed during client engagement or later required as per client architecture. User can make changes through the API applicable to their role assigned. Privileged changes can be requested as per client’s needs and will be delivered after successful assessment by our engineers.
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Users can set up services/integrations through the command line interface as per Role-based-access-model agreed during client engagement. User can make changes through the CLI applicable to their role assigned. Privileged changes can be requested as per client’s needs and will be delivered after successful assessment by our engineers. ; Training are offered and available as per request.

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: RCL services are independent to its users in terms of system and resource availability. We adhere to all service levels agreed with client during initial engagement. All user demands are analysed & managed by our support teams and fulfilled in the agreed delivery timeframe. ; ; We respect users system availability needs and scaling of our services is managed internally during peak periods.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
• Reporting types:
  • API access
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Amazon Web Services

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Emails and Instant messaging
  • Technical and non technical documents.
  • Virtual Machine Images
  • Databases
  • Code / Binary Repository
• Backup controls: All schedules will be agreed in advance with the client. In addition to this we have our standard schedule to carry out regular full/ incremental backup for the systems and services.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Guarantee and SLA will be subject to clients requirement and contracts.
• Approach to resilience: Available on request
• Outage reporting: Email Alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: RCL authorised users can interact with management interfaces and support channels as per Role-based-access-model agreed during initial client engagement. Any changes to user policy/credentials can be requested by approved individuals agreed by client and will be delivered after successful assessment by our technical support team. All user requests are managed and un-identified request are reported to security team.
• Access restriction testing frequency: At least once a year
• Management access authentication: 2-factor authentication
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: No
• Security governance certified: No
• Security governance approach: In Process of getting ISO/IEC 27001 certified. Things got delayed due to COVID. We will ensure that we are ISO/IEC 27001 certified before we take on any contract or provide services through G Cloud 12.
• Information security policies and processes: ISO 27001 and NCSC

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: All CCM changes are tracked & managed through In-house/3rd party tools depending on the services or products. Standard change procedures/guidelines/practices are discussed with user and agreed during initial engagements. ; All changes are subject to audit and in agreement with our engineering team. Change documentation can be provided upon request with our technical support team.; ; Security impact for changes are described to users and any identified risk is highlighted and recorded.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities and Security threats are assessed/identified through In-house/3rd party tools depending on the chosen services or products. All assessments are aligned to threat levels and preventive action is taken after user discussion and as per process/timelines agreed during initial engagements. ; ; Be-spoke services/3rd Party tools are also available for implementation as per contract and initial assessment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: RCL uses In-house/3rd party tools for protective monitoring depending on the chosen services or products. All assessments are aligned to support levels and preventive action is taken after user discussion and as per process/timelines agreed during initial engagements. ; ; Regular alerts & reports are sent to users by our technical support teams.
• Incident management type: Supplier-defined controls
• Incident management approach: RCL uses In-house/3rd party tools for Incident Management depending on the chosen services or products. All incidents assessments are aligned to severity levels and resolution is done after user discussion and as per process/timelines agreed during initial engagements. ; ; Regular incident alerts & reports are sent to users by our technical support teams. Incident backlog is also managed upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: Provided by Amazon Web Services
• How shared infrastructure is kept separate: All client’s environments are hosted on Cloud Infrastructure supported by agreed Role-based-access model/groups/policies. User have options to choose a dedicated host or shared environments based on cost/type of usage. Every user data has restricted access and never shared between clients. ; ; Standard Firewall rules are implemented and secured tooling details are discussed with user and agreed during initial engagements.; ; Be-spoke services/3rd Party tools are also available for implementation as per contract.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: RCL works with major cloud providers for hosting its services. The datacentres hosted in EU region by our cloud service providers uses mostly renewable energy to power its infrastructure. These datacentres are moving towards carbon-neutral region and has long-term commitment to operate in the most environmentally friendly way possible.

Pricing

• Price: £300 to £1,100 a person
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: One week free Consultation service.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@rowlandchase.com. Tell them what format you need. It will help if you say what assistive technology you use.