Version 1 Solutions Limited

Infrastructure as a Service - Oracle Cloud

Enhanced partnerships with leading providers ensure we can offer independent advice to customers across a range of services for Public Cloud including strategy, design, build, migration, ongoing management and optimisation of enterprise workloads. We have a deep understanding of the entire lifecycle of enterprise applications and technologies that underpin them.

Features

  • Oracle Platinum Partner, Oracle Cloud & Oracle Cloud MSP
  • Proven cloud consultancy, strategic advice and migration expertise
  • Well Architected infrastructure design and build
  • Official and Official Sensitive supported
  • ITIL Incident, Problem and Change Management processes
  • ISO 20000 Certified and ISO 27001 Certified
  • Enterprise Monitoring Service and Proactive Maintenance
  • Patching and Security Management
  • Disaster Recovery options
  • Optimisation, Economics, Integration Services

Benefits

  • Automation for infrastructure builds and workload migrations
  • Ongoing advice on best cloud services to meet requirements
  • Best practice governance, security and compliance
  • Continual service improvement
  • Value for money ensured through cloud management and optimisation
  • Additional services available for platform management and software development
  • Optional: Expert advice on maximising current licence investments

Pricing

£250 a server a month

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotices@version1.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

7 7 7 0 6 1 1 2 4 4 6 6 8 7 2

Contact

Version 1 Solutions Limited Matt Gorman
Telephone: +44 203 859 4790
Email: tendernotices@version1.com

Service scope

Service constraints
N/a
System requirements
  • Currently supported web browser
  • Communications link with sufficient capacity for the service

User support

Email or online ticketing support
Email or online ticketing
Support response times
Standard SLA covers Office Hours:
1 hour priority calls
4 hour response standard
Can be tailored to customer requirement including weekend cover
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
WCAG 2.1 A
Web chat accessibility testing
Version 1 uses Skype for our web chat support. The following is a list of devices with supported accessibility features available for Skype on Windows 8 desktop:

• Narrator screen reader enables blind people to use their computer or other device as its purpose is to read text on the screen aloud. Skype for Windows desktop and Skype for Windows 8 may also work well with third-party screen readers such as NVDA (free download) and JAWS.
• High-contrast settings benefit low vision users and users with little or no color perception as it makes text easier to read.
• Magnifier is a feature intended for low vision users as it enlarges the screen and makes text easier to read and images easier to see
Onsite support
Yes, at extra cost
Support levels
The Managed Service provided by Version 1 is based on our ISO 20000 processes and procedures. The ISO 20000 standard held by Version 1 since July 2011, is aligned to the ITIL service framework and covers standard service processes such as Incident Management, Change Management and Release Management . During on-boarding we can tailor these processes and agree the detail of their implementation, in particular how they integrate with the client’s own internal processes. There is an additional charge for this tailoring which can be incorporated in the on-boarding costs. Version 1 has an ITIL based Service Governance structure in place for each client to ensure SLAs are met and the overall support service is managed in a responsive, customer-focused manner. The focus of the service governance will be a regular Service Management Board or Service Review Meeting attended by key stakeholders. Each managed service client is assigned a service manager to co-ordinate their service provision and ensure customer satisfaction levels are maintained. At Version 1, Continuous Service Improvement as a core element of our Managed Service offering and we incorporate it into the client's Managed Service at the outset of our engagement
Support available to third parties
Yes

Onboarding and offboarding

Getting started
A critical aspect of any project is the need to conduct comprehensive training for the users in the use of the application. Version 1 is committed to conducting professional training to ensure that users of the system can gain maximum benefit from using it. Version 1 normally propose a ‘train the trainer’ approach to user training be adopted, integrated with the testing and overall acceptance phase of the project. This requires a difference in approach from standard training courses, as users need to be trained in both the application and in how to pass this on to their colleagues. A number of “super users” for the system should be nominated by the client and could also be identified through a Training Needs Analysis process
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Version 1 will assist with service migration and can provide a data extract in an agreed format
End-of-contract process
After termination or expiration of the Services under Your order, or at Your request, Oracle will delete or otherwise render inaccessible the production Services, including Your Content residing therein, in a manner designed to ensure that they cannot reasonably be accessed or read, unless there is a legal obligation imposed on Oracle preventing it from deleting all or part of the service environment.

Using the service

Web browser interface
Yes
Using the web interface
All Ravello functions can be controlled via the WebUI - see the Ravello User Guide for full details.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Not known
Web interface accessibility testing
Not known
API
Yes
What users can and can't do using the API
All Ravello functions can be controlled via the RESTful API - see the Ravello User Guide for full details.
API automation tools
  • Ansible
  • Chef
  • Puppet
API documentation
Yes
API documentation formats
HTML
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
Manual
Independence of resources
The service uses isolated VMs for each tenant
Usage notifications
Yes
Usage reporting
Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
Other
Other metrics
  • Concurrent running VMs
  • Number of public and elastic IPs
  • Billing information
Reporting types
Real-time dashboards

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Oracle Cloud

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
No

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
Other
Other protection within supplier network
Data-in-transit within Oracle internal network is unencrypted. However it is monitored by the McAfee Intrusion Detection System (IDS) for detection of anomalous and/or malicious activity.

Availability and resilience

Guaranteed availability
Target Uptime 99.95%
Approach to resilience
Redundancy is built in to all Oracle Systems. Each site in turn has its own redundancies built in with dual data feeds, backup power solutions and each operated in a N+1 configuration.
Outage reporting
Outages originating from Data Centre are initially reported to Oracle via email to nominated support staff. Customers are alerted via emails from relevant Oracle service team to nominated Customer administrators.

Identity and authentication

User authentication
Username or password
Access restrictions in management interfaces and support channels
Ravello provides an in-built authentication facility, but detail of authentication mechanism is dependent on the services the Customer is implementing in conjunction with Ravello.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
Devices users manage the service through
Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
You control when users can access audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
Between 1 month and 6 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Certification Europe
ISO/IEC 27001 accreditation date
29/07/2015
What the ISO/IEC 27001 doesn’t cover
The scope of the certification covers all Version 1 Managed Service activities
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
.
Information security policies and processes
Version 1 recognise that the relationship between information security and IT service management is so close that we implemented an Integrated Management System (IMS) that has been certified to ISO 27001:2013 and ISO 20000-1:2011 with matching scopes. The Version 1 IMS is based on the guidance provided in the International Standard for the Corporate Governance of IT (ISO/IEC 38500) and the International Standard for Risk Management (ISO 31000). The Version 1 IMS has a broad scope that supports all of our ICT services. The Version 1 IMS is audited every 3 months, alternately by internal and external auditors. An Information Security Officer along with the IT Governance Committee are responsible for maintaining the IMS, as well as providing advice and guidance on policy implementation

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Verison 1 has developed formal standard operating procedures (SOPs) governing the change management process. These SOPs cover both software development and hardware change and release management, and are consistent with established regulatory guidelines including ISO 27001 and ISO 20000
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Oracle Cloud follows a vulnerability management process and procedure that includes identification of vulnerabilities, ranking of vulnerabilities by severity, prioritization of vulnerability remediations by severity and re-testing.  All changes required by vulnerability remediations follow our standard change management processes
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Oracle have implemented protective monitoring controls in order to oversee how Cloud systems are used (or abused) and to assure user accountability for their use of these services. The controls include mechanisms for collecting log information and configuring logs in order to provide an audit trail of security relevant events of interest.
Incident management type
Supplier-defined controls
Incident management approach
"The Oracle Information Security Incident Reporting and Response Policy details the procedures that must be followed by all Oracle employees should an incident be identified. It includes:
·          Mandatory reporting of security events
·          Mandatory reporting of security weaknesses
·          Assessment and classification of security incidents
·          Incident classification and escalation
·          Preservation of evidence"

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Other
Other virtualisation technology used
HVX Hypervisor
How shared infrastructure is kept separate
Each customer organisation is provisioned with their own VM environment ensuring segregation from other organisations sharing the same physical server infrastructure.

Energy efficiency

Energy-efficient datacentres
No

Pricing

Price
£250 a server a month
Discount for educational organisations
No
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tendernotices@version1.com. Tell them what format you need. It will help if you say what assistive technology you use.