Capito

iland Object Storage iland®

iland Secure Cloud Object Storage seamlessly extends your on-premises environment to the cloud for cost-efficient, long-term
storage of unstructured, cold, archive, and long-term backup data.
iland Object Storage is integrated with our other data protection
services such as DRaaS and BaaS, enabling a simplified
transformational experience. Availability is guaranteed

Features

  • Zerto Integration
  • Veeam Integration
  • GDPR Compliance
  • ISO 27001
  • ISO 27701
  • ISO 9001
  • CSA STAR
  • Supports multi-site hybrid back-up
  • Customer can manage their own back-ups via a portal
  • Global 24/7/365 fully managed and supported

Benefits

  • Regulatory Compliance
  • Web based monitoring portal easily accessible
  • Extensive support
  • Complete control of data sovereignty
  • Easily scalable
  • UK Data Centres
  • Proactive Monitoring
  • Backup and Restoration

Pricing

£0.01 to £0.02 a gigabyte a month

  • Free trial available

Service documents

Framework

G-Cloud 12

Service ID

7 4 5 3 5 3 1 3 3 3 1 5 8 6 1

Contact

Capito Rachael Millar
Telephone: 01506 460 300
Email: DigitalMarketplace@capito.co.uk

Service scope

Service constraints
N/A
System requirements
N/A

User support

Email or online ticketing support
Yes, at extra cost
Support response times
Within 15 minutes 24x7
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AAA
Phone support
Yes
Phone support availability
9 to 5 (UK time), 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 AAA
Web chat accessibility testing
Iland's web chat support meets WCAG 2.1
AAA accessibility standards.
Onsite support
Onsite support
Support levels
Our support teams are available 9 to 5 (UK time), Monday to Friday to respond to alerts, take calls, make decisions, and act to ensure that your services are operating effectively every second of the day.

The support desk is accredited to ISO20000-2011 and ISO27001-2013 standards and the technical operations staff can cover everything with a guaranteed qualified engineering response within 15 minutes of notice.

Effective Account Management plays a central and fundamental part of the successful delivery of services to Capito’s customers. Capito has a unique account management structure that consists of:

• Business Development Manager
• Account Manager
• Internal Account Manager
• Pre-Sales
• Sales Support
• Bid Management
• Service Delivery Manager

The Capito structure allows for good management, with no single point of failure and frequent customer contact.

1. 24 hours x 7 days a week 2. No tiering of
support levels 3. Engineering and Account
Management (T3-T3) available
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Capito provide a full on-boarding service with supported online training supporting user documentation.

All new customers to iland are onboarded via our Cloud Services Team, this ensures as smooth an onboarding as possible. Additionally, a full library of technical guidance and documentation is available via the iland Success Centre.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction
Data can be extracted through multiple solutions and Capito will work with the end user to determine the most appropriate solution that meets their requirements.

All data may be extracted using industry standard formats.
End-of-contract process
Capito will immediately stop providing the agreed service.

Payments due or payable by you under this agreement will become due and payable immediately, including any unpaid charges due for the remainder of the initial term or any renewal term (except where the agreement has ended for Capito's material breach

Within 30 days after this agreement ends, each of us will return all confidential information of the other in its possession at the time this agreement ends and will not make or keep any copies of that confidential information except as required to comply with any applicable legal or accounting record keeping requirement.

iland's cloud services engineering team and 24x7 support is included with the price of the contract. iland also offers professional services that are independent from the cloud services, and those services are subject to their own separate pricing. Reach out to iland for more details.

Using the service

Web browser interface
Yes
Using the web interface
The web interface is fully featured and customers can fully deploy,
configure and manage their environment from the web interface.
Additionally, all web interface functionality is available via API.

Capito deliver service desk facilities primarily via the customer control panel. Capito provides customers with a web-based Control Panel, which provides a broad view of information and services surrounding their solution which allows authorised users to create and manage cloud services as well as raise, track and report on support tickets.
Web interface accessibility standard
WCAG 2.1 AAA
Web interface accessibility testing
Iland's website interface meets WCAG 2.1 AAA accessibility
standards.

No testing has been completed with assistive technology users.
API
Yes
What users can and can't do using the API
Customers are able to perform a range of actions via the iland API,
all activity which can be completed via the GUI, can also be
accomplished via the API. Documented access and controls for
iland APIs are provided to customers.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Dependent upon the solutioning. Designed with your business
requirements in mind, the iland Secure Cloud Console is an intuitive,
yet powerful interface that offers unmatched visibility and control
into your cloud services at iland. It gives you the transparency
needed to closely monitor and manage your cloud resources
effectively in terms of cost, performance, regulatory compliance
and support. It also provides the flexibility to customize permissions
using enhanced Identity Access Management policies.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Contractually determined.
Capito provision the Cloud Storage service from highly available data centre infrastructure.

Each Data Centre is fully powered, secure, resilient and newly equipped to handle the demands of future computing trends such as high density computing, virtualisation, energy conservation, distributed storage and multi site disaster recovery. Offering a total of 7,000 m² of advanced Data Centre technology in 8 major UK cities, we are not hindered by lack of space, legacy operating systems or practices.
Usage notifications
Yes
Usage reporting
  • API
  • Email
  • SMS
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Reseller providing extra support
Organisation whose services are being resold
Iland

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Baseline Personnel Security Standard (BPSS)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Virtual Machines
  • Databases
  • All Virtual machines under a virtual Data Center
Backup controls
Capito Managed Service provides full support for backups.
for iland you can also manage Via subscription SKU options at the contract level, with daily backups at the following retention policies: 7 days, 30 days, 90 days, 1 year (30 daily plus 13 monthly backups), and 7
years (30 daily plus 13 monthly plus 7 yearly backups)
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Other
Other protection between networks
Point to Point or MPLS circuits SDWAN solutions over Internet connections
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Encryption at Rest - AES 256

Other protection within network. Mechanisms are in place to restrict unauthorised internal and external access to data with access to data appropriately segregated. Firewalls configured not to permit traffic from a source IP or Media Access Control (MAC) address other than its own Data in transit protection for Capito services are subject to audit at least annually under ISO 27001 and PCI-DSS certification requirements.

Availability and resilience

Guaranteed availability
Iland and Capito 100% SLA Provided.
Approach to resilience
Multi-data centre configurations.
More information available upon request.
Outage reporting
Email alerts & a public dashboard: status.ilandcloud.com an API email
alerts

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Access to all service interfaces (for consumers and providers) is constrained to authenticated and authorised individuals.

Remote management access is authenticated and directly associated to authorised individuals rather than group accounts.

All managed systems monitored and access logged and tracked for auditing purposes.

This is governed by iland's Access Control policy, which follows
the principle of least privilege. Additionally, iland manages
authentication and authorization to iland systems, including the
restriction and credentialing of access administrators.
Additionally, iland relies upon Microsoft Domain Structure for
Identity Governance and Access Management systems.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
ISOQAR
ISO/IEC 27001 accreditation date
23/03/2017
What the ISO/IEC 27001 doesn’t cover
As detailed within the SOA
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials Plus

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
  • CSA CCM version 3.0
  • ISO/IEC 27001
  • Other
Other security governance standards
SSAE 18 SOC 2 Type 2
Information security policies and processes
EU GDPR ISO 27001 ISO 27701
PCI-DSS SSAE 18 Cyber Essentials
Capito's adheres to the Security Classification Definitions as described in the Government Security Classifications Policy (GSCP). This is outlined and defined in the Quality Manual and forms part of Capito's overall integrated management system, which consists of UKAS / APMG / NCSC accredited systems. Notably; ISO 27001:2013 Information Security Management; ISO 20000-1:2011 IT Service Management; ISO 9001:2015 Quality Management; ISO 14001:2015 Environmental Management. All are regularly audited for compliance by an accredited certifying body. These standards require Capito to have robust controls in place to manage data, documents and records. Displaying evidence that Capito has appropriate and measured controls in place to manage OFFICIAL information that if lost, stolen or published in the media could have more damaging consequences (for individuals, an organisation or government generally).

All data centres have been independently assessed on a number of occasions by local authorities and UK Government Departments, Senior Information Risk Owner’s (SIRO) as suitable for holding and processing their sensitive information to OFFICIAL level.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Capito's change management process is in line with ISO27001 controls A.12.2 Controlled mechanism for making changes to operational environments. iland implemented change management policies/procedures to define change controls for the addition, deletion, or alteration of systems/infrastructure components. All changes to software, hardware, or other systems/infrastructure tracked in accordance with iland's Change Management policy. A change management plan is in place to manage the modification and maintenance of systems/components. Proposed changes are submitted, tracked, and approved via ticketing solution. All changes are developed/tested in nonproduction environments prior to implementation, and rights to production migration are controlled in accordance with role requirements.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Iland has dedicated vulnerability management policies and processes to identify and assess vulnerabilities timely. These policies & processes are in place to monitor, assess, rank, and remediate vulnerabilities identified within iland's remedia
tions timeline (24 hours for critical, 48 hours for
important, 72 hours for moderate, and 240 hours for low). iland systems conduct regular vulnerability scans. Various evaluations are in use by iland to identify and assess potential risks or vulnerabilities, including audit logging, capacity monitoring of critical infrastructure, quarterly vulnerability scans, annual risk assessments, and periodic third-party
evaluations or audits.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Capito Protective Monitoring process is aligned with ISO27001:2013 control A.12.4 iland has professional monitoring to monitor critical systems,
which provides alerting for issues relevant to security or availability of assets. Additionally, iland monitors identifies vulnerabilities, including software flares, patches, malware, system misconfigurations. iland delivers support 24 hours x 7 days a week to customers and iland's
protective monitoring processes are governed by iland's policies & processes. iland's support and engineering teams reply to incidents in accordance with business and legal requirements. iland provides documentation for customers regarding up-time and performance levels via publicly accessible websites for transparency on availability/monitoring activities.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Capito incident management process is aligned with ISO27001:2013 control A.16.1.
iland has dedicated incident management policies and processes in place for the timely identification and assessment of incidents. Following identification and assessment, guidance is in place to define actions to remediate threats posed by security incidents through patching vulnerabilities, removal of unauthorized access, and other remediation actions deemed necessary. iland users may report incidents through the iland Secure Console, by reaching out to iland's support team or their project manager. iland's Incident Management process is audited annually during iland's ISO 27001 and SSAE18 SOC2 independent audits.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
Logical and physical segmentation.
Each tenant’s servers are segregated into their own VLAN Capito consults with clients to determine if servers need configured to further split server farms over separate security zones. This ensures that uncontrolled network communications do not occur through adjacent architectural tiers storage presentation is segregated through the use of fibre-channel zoning, prohibiting any host from accessing unauthorised storage areas

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Iland's UK Data Center Locations maintain ISO 14001 and ISO
50001 certifications and have a policy titled "Environment and
Energy Management Statement" that outlines their commitment
to comply with the EU Code of Conduct for Data Centres and
EN50600.

Pricing

Price
£0.01 to £0.02 a gigabyte a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
The Secure Cloud Object Storage 30-day Free-Trial
provides new prospects (or existing customers using
other iland services) the opportunity to try out all the
features of the Secure Cloud Object Storage service
platform with no up-front commitment or costs
associated for 30 days with 5 TB Storage.

Service documents