ROWLAND CHASE LTD

Rowland Chase Cloud Hosting Services

Rowland Chase Ltd(RCL) Cloud hosting and managed services enables the organisations to build their digital architecture into Cloud. We architect, design, build and support multi-cloud platforms and help our clients to migrate legacy systems, automate existing infrastructure and integrate multi-vendor platform. All are services meets UK Government practices and standards.

Features

  • Infrastructure as a Code
  • Cloud managed Services
  • DevOps Services
  • Test as Code & Test-Automation
  • Enterprise Architecture Framework
  • Software Development
  • Project Management Services
  • Strategy & Application Design Services
  • Cost-Reduction & Risk-Mitigation Solutions
  • On-Site and Remote Support

Benefits

  • Reduced Maintenance and Operational Costs
  • All managed services under one umbrella
  • Custom solutions available as per requirements
  • Accredited partner support with major cloud service provider
  • Scalable and Flexible Service Model
  • Supports all Open-Source/Enterprise Software Library
  • Experienced and industry standard certified resources
  • On/Off-Site support available on demand
  • Experience working with public/private sector organisations
  • Secured, reliable and highly available solutions

Pricing

£300 to £1,100 a person

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@rowlandchase.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

7 3 3 8 2 9 1 1 0 0 4 5 8 6 5

Contact

ROWLAND CHASE LTD Tanjil Kaushik
Telephone: 02037295965
Email: info@rowlandchase.com

Service scope

Service constraints
RCL customise services as per client needs and architecture. Every engagement is assessed for risk, availability, resourcing and security. We do engage with third parties for specific industry services.
System requirements
System requirements will be specified during customer engagement

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Working Days: Monday to Friday 9 am to 5 pm within 48 hours turn around time.

Weekend working : on Demand and chargeable ( Charges to be agreed in advance).
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
RCL provides standard support 9 AM to 5PM (UK time), Monday to Friday. We can have provide a technical account manager or cloud support engineer on request/need basis.
Support available to third parties
No

Onboarding and offboarding

Getting started
RCL user engagement process includes online training and customized documentation as per client’s need. Specific onsite trainings can be made available upon request or agreed during initial engagement.

Documents can be made available in the required formats through secured online portals on demand.

Additional on-boarding services/tools are also available upon requests.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
User can request for their data extraction when contract expires. We can provide data in the required format and user has option to choose multiple media type depending upon nature of data. Technical assistance can be requested from our support team.
End-of-contract process
Upon reaching the end of contract RCL will support the user in data extraction and migration of services hosted on RCL’s dedicated platform. Required documentation and knowledge transfer will be arranged for users. Technical/Non-Technical assistance will be available from our support team upon request.

Using the service

Web browser interface
Yes
Using the web interface
Users can interact with Web interface as per Role-based-access-model agreed during client engagement. User can make changes using Web Interface applicable to their role assigned. Privileged changes can be requested as per clients needs and will be delivered after successful assessment by our engineers.
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
Web Interface for our clients are delivered as per requirements specified during engagement. All deliveries are subjected to standard testing procedures associated with assistive technology users. We work with third party assistive technology experts as per user need and demands.
API
Yes
What users can and can't do using the API
Users can set up services/integrations through the API as per Role-based-access-model agreed during client engagement or later required as per client architecture. User can make changes through the API applicable to their role assigned. Privileged changes can be requested as per client’s needs and will be delivered after successful assessment by our engineers.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Users can set up services/integrations through the command line interface as per Role-based-access-model agreed during client engagement. User can make changes through the CLI applicable to their role assigned. Privileged changes can be requested as per client’s needs and will be delivered after successful assessment by our engineers.
Training are offered and available as per request.

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
RCL services are independent to its users in terms of system and resource availability. We adhere to all service levels agreed with client during initial engagement. All user demands are analysed & managed by our support teams and fulfilled in the agreed delivery timeframe.

We respect users system availability needs and scaling of our services is managed internally during peak periods.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
Reporting types
  • API access
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Amazon Web Services

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Emails and Instant messaging
  • Technical and non technical documents.
  • Virtual Machine Images
  • Databases
  • Code / Binary Repository
Backup controls
All schedules will be agreed in advance with the client. In addition to this we have our standard schedule to carry out regular full/ incremental backup for the systems and services.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Guarantee and SLA will be subject to clients requirement and contracts.
Approach to resilience
Available on request
Outage reporting
Email Alerts

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
RCL authorised users can interact with management interfaces and support channels as per Role-based-access-model agreed during initial client engagement. Any changes to user policy/credentials can be requested by approved individuals agreed by client and will be delivered after successful assessment by our technical support team. All user requests are managed and un-identified request are reported to security team.
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
No
Security governance certified
No
Security governance approach
In Process of getting ISO/IEC 27001 certified. Things got delayed due to COVID. We will ensure that we are ISO/IEC 27001 certified before we take on any contract or provide services through G Cloud 12.
Information security policies and processes
ISO 27001 and NCSC

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All CCM changes are tracked & managed through In-house/3rd party tools depending on the services or products. Standard change procedures/guidelines/practices are discussed with user and agreed during initial engagements.
All changes are subject to audit and in agreement with our engineering team. Change documentation can be provided upon request with our technical support team.

Security impact for changes are described to users and any identified risk is highlighted and recorded.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Vulnerabilities and Security threats are assessed/identified through In-house/3rd party tools depending on the chosen services or products. All assessments are aligned to threat levels and preventive action is taken after user discussion and as per process/timelines agreed during initial engagements.

Be-spoke services/3rd Party tools are also available for implementation as per contract and initial assessment.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
RCL uses In-house/3rd party tools for protective monitoring depending on the chosen services or products. All assessments are aligned to support levels and preventive action is taken after user discussion and as per process/timelines agreed during initial engagements.

Regular alerts & reports are sent to users by our technical support teams.
Incident management type
Supplier-defined controls
Incident management approach
RCL uses In-house/3rd party tools for Incident Management depending on the chosen services or products. All incidents assessments are aligned to severity levels and resolution is done after user discussion and as per process/timelines agreed during initial engagements.

Regular incident alerts & reports are sent to users by our technical support teams. Incident backlog is also managed upon request.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
Provided by Amazon Web Services
How shared infrastructure is kept separate
All client’s environments are hosted on Cloud Infrastructure supported by agreed Role-based-access model/groups/policies. User have options to choose a dedicated host or shared environments based on cost/type of usage. Every user data has restricted access and never shared between clients.

Standard Firewall rules are implemented and secured tooling details are discussed with user and agreed during initial engagements.

Be-spoke services/3rd Party tools are also available for implementation as per contract.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
RCL works with major cloud providers for hosting its services. The datacentres hosted in EU region by our cloud service providers uses mostly renewable energy to power its infrastructure. These datacentres are moving towards carbon-neutral region and has long-term commitment to operate in the most environmentally friendly way possible.

Pricing

Price
£300 to £1,100 a person
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
One week free Consultation service.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@rowlandchase.com. Tell them what format you need. It will help if you say what assistive technology you use.