Phoenix Software Ltd

InSync Cloud Applications Backup

inSync provides backup and recovery for cloud applications. Utilising the AWS Cloud, to backup and protect O365, G-Suite, Salesforce and Slack. InSync also enables businesses to comply with requirements for GDPR with Legal Hold, Data Governance, search and ramsomware.

Features

  • Endpoint Device Backup
  • Data Governance, eDiscovery and Legal Hold
  • Federated Data Search & System Audit
  • Endpoint Data Loss Prevention
  • Endpoint Device Refresh
  • Integrated Mass Deployment
  • AD Integration & Single Sign On
  • Cloud File Share & Shared Workspace
  • Administrative dashboard & reporting
  • Mobile Device Management

Benefits

  • Compliance to data legislation (PCI-DSS,GDPR,HIPAA,PII)
  • Cost effective data protection for all data sources
  • Long-term data Retention across all data sources
  • Source-side global deduplication for more efficient data backup
  • Enterprise grade security protects all data in transit
  • Self-service user data restore portal
  • Enterprise integration and deployment capabilities
  • Data replication between 3 data centres
  • Randomsware & Malware Protection
  • BYOD Policy Management

Pricing

£17.82 to £53.46 a user a year

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@phoenixs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

7 6 2 0 6 3 2 5 5 8 4 7 4 9 0

Contact

Phoenix Software Ltd Jonny Scott
Telephone: 01904 562200
Email: gcloud@phoenixs.co.uk

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
Service constraints
Service maintenance is carried out at a defined schedule for this service
System requirements
Viable internet connection

User support

Email or online ticketing support
Email or online ticketing
Support response times
Business critical offered as standard with priority of response set by customer. Critical having 1 hour initial, high 2 hours, medium 4 hours and low 8 hours. We offer premium support (at a cost) with critical being 30 mins, high 1 hour, medium 2 hours, and low 4 hours
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Through Druva support website
Web chat accessibility testing
N/A
Onsite support
No
Support levels
Business critical offered as standard with priority of response set by customer. Critical having 1 hour initial, high 2 hours, medium 4 hours and low 8 hours. We offer premium support (at a cost) with critical being 30 mins, high 1 hour, medium 2 hours, and low 4 hours
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Once the service is activated, we have a Sales engineer, customer success and customer support team all available to assist with successful onboarding. Druva operates a knowledge base portal for help and configuration documentation as well as free online learning videos to assist with service training
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
Users can extract data manually from within the system at any time. An bulk export service is available at an additonal cost
End-of-contract process
All customer data is deleted

Using the service

Web browser interface
Yes
Supported browsers
Internet Explorer 11
Application to install
Yes
Compatible operating systems
Android
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Mobile and tablet devices have a dedicated app available from the appropiate app store whereas the endpoint devices have an appropiate agent available from the management console
Service interface
Yes
Description of service interface
The Druva Cloud Platform is a portal accessed via a web client from any web enabled device. The portal allows access to all elements of the platform from product to support enabling a really simpistic service, giving the user a true SaaS experience.
Accessibility standards
None or don’t know
Description of accessibility
N/A
Accessibility testing
N/A
API
Yes
What users can and can't do using the API
"We are able to provide APIs for Audit trail, file server, NAS, CloudCache, Organization, Storage, VMware and Alerts.

Please see following link to see documentation outlining all requirements:
https://developer.druva.com/reference"
API documentation
Yes
API documentation formats
HTML
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Customer can add their own co-branding to the service

Scaling

Independence of resources
The service is scalable using Amazon AWS Compute and Storage for all Servers, allowing it to use further resources as and when necessary. No further customer investment in additional technologies is necessary to ensure scalability of the service- this is included in the service per user cost

Analytics

Service usage metrics
Yes
Metrics types
Service availability
Reporting types
API access

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
.

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with SSAE-16 / ISAE 3402
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

Data export approach
Users can extract data manually from within the system at any time. An bulk export service is available at an additonal cost
Data export formats
Other
Other data export formats
N/A
Data import formats
Other
Other data import formats
Native files

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
To protect data in flight, Druva uses industry-standard Transport Layer Security (TLS) for all data transmitted to the Druva Cloud Platform.
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
We provide an SLA of 99.5% uptime and 99.99999% Customer Data durability
Approach to resilience
The cloud instance for the customer is alwalys replicated between 3 physically different data centres as part of the Amazon AWS availability zone feature. In the case of access being not availabile from 1 datacentre, the customers instance will be instantly available from 1 of the 2 further datacentres.
Outage reporting
Outages of the system availability or the storage component are communicated to all assigned administrators within a cloud instance via email as well as via the Support Portal. An online dashboard also reports instance of global outages

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
By using either using 2FA or username/password combinations as standard methodology
Access restriction testing frequency
At least once a year
Management access authentication
2-factor authentication

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
.
ISO/IEC 27001 accreditation date
..
What the ISO/IEC 27001 doesn’t cover
.
ISO 28000:2007 certification
Yes
Who accredited the ISO 28000:2007
.
ISO 28000:2007 accreditation date
.
What the ISO 28000:2007 doesn’t cover
.
CSA STAR certification
Yes
CSA STAR accreditation date
.
CSA STAR certification level
Level 1: CSA STAR Self-Assessment
What the CSA STAR doesn’t cover
.
PCI certification
Yes
Who accredited the PCI DSS certification
.
PCI DSS accreditation date
.
What the PCI DSS doesn’t cover
.
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
Annual SOC 2 Type 2 and HIPAA audit
Information security policies and processes
"Druva's security program is based on NIST 800-53, documented policies include:
Access Control Policy
Audit and Accountability Policy
Awareness Training Policy
Clear Desk Policy
Configuration Management Policy
Contingency Planning Policy
Identification and Authentication Policy
Information Security Policy
Information Technology Policy
Media Protection Policy
Personnel Security Policy
Physical & Environmental Security Policy
Position Designation Policy
Risk Assessment Policy
Secure Development (SDLC) Policy
Security Planning Policy
Server Security Policy
System Acquisition Policy
System & Information Integrity Policy
System Maintenance Policy
Vendor Management Policy
Wireless Communication Policy
Business Continuity Plan"

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Any changes are controlled under project management
Vulnerability management type
Undisclosed
Vulnerability management approach
Druva identifies vulnerabilities through a variety of sources that include internal scans and externally reported vulnerabilities. Druva tracks all vulnerabilities and identifies their criticality based on the CVSS standard. Druva targets to fix high risk vulnerabilities in 30 days, moderate risk vulnerabilities in 90 days and low risk vulnerabilities within 365 days.
Protective monitoring type
Undisclosed
Protective monitoring approach
"Druva's Cloud Operations team monitors the services on a 24x7x365 basis. Systems are monitored with host based intrusion detection and AWS activity logging that is centralized in Druva's logging infrastructure.

Customers will be notified of identified security incidents within 48 hours of discovery."
Incident management type
Undisclosed
Incident management approach
Druva has a documented Incident Response Plan that includes steps to respond to security incidents including identification, investigation, response, mitigation, customer notification, and root cause analysis.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£17.82 to £53.46 a user a year
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Free trial available with all functionality available for up to 1 month
Link to free trial
Available through engagement with Druva team

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@phoenixs.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.