Inventory Management Europe Ltd

Cloud Backup/ Storage/ Replication/ Disaster Recovery

Entirely UK based fully resilient Cloud Storage solution ISO27001 compliant providing backup, storage, replication and Disaster Recovery solutions.
24/7 support, eco friendly datacentre, full encryption, multi-cloud enabled, 148+ Petabytes available capacity.
Private & Public Cloud provider.


  • 99.999% Uptime guarantee
  • Full redundancy with automatic failover
  • Full encryption (AES 256 bit)
  • Public, Private or Hybrid Cloud
  • ISO27001 compliant
  • Pay for what you use
  • 24/7 telephone support
  • Free migration & setup
  • Ecologically friendly UK based datacentre (Tier III)
  • Built on industry leading vendor technology


  • Fully Managed Storage environment
  • Fully Scalable bespoke solutions
  • Competitive and flexible pricing
  • Free trial available
  • Transparent reporting
  • Fast upload/ recovery times
  • Single Pane of Glass Control Panel
  • Education special pricing available


£10 per terabyte per month

  • Education pricing available
  • Free trial available

Service documents


G-Cloud 11

Service ID

7 6 3 8 6 7 6 7 5 0 8 7 3 9 8


Inventory Management Europe Ltd

Dorothée Tonnerre


Service scope

Service constraints
System requirements
  • Customer Internet connection
  • Customer provided application specific licences

User support

Email or online ticketing support
Email or online ticketing
Support response times
Support response times: 2 hours 24/7
User can manage status and priority of support tickets
Online ticketing support accessibility
None or don’t know
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
We use Zendesk Suite. This allows access via the web, mobile applications or messaging services. Users can attach files/photos.
Web chat accessibility testing
No testing has been undertaken from ourselves as we are relying on readily available technology from Zendesk.
Onsite support
Yes, at extra cost
Support levels
Online/E-mail support: 24/7 no extra cost
Web chat support: office hours no extra cost
Onsite support: see Pricing Document
We would provide a technical account manager or cloud support engineer
Support available to third parties

Onboarding and offboarding

Getting started
We can do onsite training as well as provide user documentation.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Before the end of the contract period, a notification will be sent explaining how to download the data and what the expiry date for such downloads is. On expiry of the contract, the data will be deleted and will not be recoverable.
End-of-contract process
Before the end of the contract period, a notification will be sent explaining how to download the data and what the expiry for such downloads is. On expiry of the contract, the data will be deleted and will not be recoverable.

Using the service

Web browser interface
Using the web interface
Users access a web based control panel. Users with administrator privileges can make changes to most settings such as:
User management (add/remove/edit)
Password reset
Permissions settings
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The web interface allows the users to manage and monitor backup jobs and to modify backup policies.
Web interface accessibility testing
At this stage we have not undertaken any testing for assistive technology users.
Command line interface


Scaling available
Scaling type
Independence of resources
Our cloud environment
Usage notifications
Usage reporting


Infrastructure or application metrics
Metrics types
  • Disk
  • Network
Reporting types
Reports on request


Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
What’s backed up
  • Files
  • Virtual machines
  • Physical servers
  • Databases
  • Folders
  • Cloud-based workloads
Backup controls
We provide software that allows them to choose exactly what to backup and when. Users can have as many different schedules with as many different backup jobs as they require.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
The guarantee for availability depends upon the individual SLA we have with each customer. We can guarantee 99.99% availability if required.

If we fail to meet the agreed SLA we will, by means of a credit note, refund the customer on a pro-rata basis
Approach to resilience
Our datacentre is Tier-3 compliant, located in the UK and includes the following:
Multiple power grid feeds from different locations;
Full UPS back up per grid feed with several on-site generators for guaranteed power availability;
Multiple 10GB network feeds;
Each rack is fed from two independent power feeds;
All compute, networking and storage equipment is fully redundant, operating in clustered environments.

The datacentre has maximum security with several hundred cameras, facial recognition, iris scanning and air-locks. It is located next to a GCHQ installation with regular armed patrols.
Outage reporting
Outages are reported by means of email alerts, a public dashboard and various forms of social media. We also provide a 24/7 telephone support line.

Identity and authentication

User authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Individuals users are given access after their request has been vetted. Access is controlled by means of username and passwords.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
We have devised an IT Security Handbook based around the requirements of ISO27001 whilst we undertake the accreditation. The policy itself was devised by an external organisation specialised in IT Security and it is updated regularly. The reporting structure is detailed in the policy which is available upon request. Our ISO27001 accreditation is pending and we can provide a letter from the auditor attesting to this.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All our services are reviewed regularly to make sure they are fit for purpose and still meet the market and our customers' expectations. Solutions which become obsolete are reviewed to make them evolve or replaced with better suited ones. All changes are managed via our change control policies described in our ISO manuals.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Potential threats are assessed according to our four levels of security classification, as per our IT Security Handbook.
We deploy patches and updates after testing them in a sandbox environment to ensure they will not negatively impact any other systems.
We monitor online forums for information about impending threats or recommended changes to improve our security and to reduce our possible attack surfaces
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We have a network monitoring tool that identifies potential compromises. This tool informs us immediately and each potential threat is assessed and the necessary steps taken to prevent the intrusion to our systems. The network is monitored 24/7 and threats are responded to immediately.
We use external companies to conduct pen-testing on a six-monthly basis.
Incident management type
Supplier-defined controls
Incident management approach
All non conformance issues are handled as per our ISO standards as well as our IT Security Handbook. Overall responsibility for security rests with the Managing Director, but on a day-today basis this responsibility is delegated to the Operations Director. Users report incidents to their line manager and the Quality Manager and these are investigated as per our Quality processes with regular incident reports published to the stakeholders on a need to know basis.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Who implements virtualisation
Virtualisation technologies used
How shared infrastructure is kept separate
We segregate customers by means of segmented networks, VLANs and SAN partitioning. If needed we can provide none-shared, dedicated physical infrastructure for maximum security.

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
The use of intelligent rack cooling, with rack and aisle based air containment, along with indirect free cooling - monitoring ambient external temperature and adjusting internal temperatures accordingly - results in a highly efficient cooling system. Coupled with extremely efficient power distribution systems, this allows us to offer a PUE of 1.2.


£10 per terabyte per month
Discount for educational organisations
Free trial available
Description of free trial
The free version is the same service as the one the user would then purchase.

Service documents

Return to top ↑