Private and secure collaborative document sharing, contacts, calendar, peer to peer voice and video chat and many more optional services provided by the Nextcloud platform and associated application plugins.
- Secure file exchange, sync and share across all platforms
- Peer-to-peer, encrypted, audio and video communication service
- Contact and address book management and sharing for all platforms
- Calender management and sharing across all platforms
- Unlimited user and group account management
- Access you data from all your devices
£50 to £245 per virtual machine per month
0114 276 9709
|Service constraints||Not that we are aware of.|
|System requirements||Linux, Windows, iOS, OSX or other supported OS|
|Email or online ticketing support||Email or online ticketing|
|Support response times||We do our best to respond to all support requests and questions as quickly as possible. During the week, between 9am and 3pm we are available in the office and aim to respond within the hour, at other times we aim to respond within 24 hours.|
|User can manage status and priority of support tickets||No|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||Web chat|
|Web chat support availability||9 to 5 (UK time), 7 days a week|
|Web chat support accessibility standard||None or don’t know|
|How the web chat support is accessible||Group, private and private chatrooms are available, we use Internet Relay Chat (IRC), there is a web interface available at https://webchat.freenode.net/ in addition to the multiple client applications, see for example https://en.wikipedia.org/wiki/Comparison_of_Internet_Relay_Chat_clients|
|Web chat accessibility testing||None.|
|Onsite support||Yes, at extra cost|
The included server support is for security updates only, this is included in the price and allows for 20 minutes per month.
Additional support is available for £60 per hour as required.
|Support available to third parties||Yes|
Onboarding and offboarding
|Getting started||Support is available for Nextcloud configuration from us for £60 an hour, there is also free community support available at https://help.nextcloud.com/|
|End-of-contract data extraction||We can provide access to a backup of the database and file system as required. If the client has opted to have SSH access to the server then they can obtain this data directly themselves.|
|End-of-contract process||If our services are required to migrate the data to a Nextcloud server hosted elsewhere we would charge for our time to complete this task.|
Using the service
|Web browser interface||Yes|
|Using the web interface||All management can be done using the web interface, adding accounts and groups, creating shared folders and calendars etc.|
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||All functionality is available via web based forms.|
|Web interface accessibility testing||None.|
|What users can and can't do using the API||
WebDAV is the main api for file related operations, see https://docs.nextcloud.com/server/13/developer_manual/client_apis/WebDAV/index.html
OCS API endpoints are also available, see https://docs.nextcloud.com/server/13/developer_manual/client_apis/OCS/index.html
|API automation tools||Other|
|Other API automation tools||WebDAV|
|API documentation formats||HTML|
|Command line interface||Yes|
|Command line interface compatibility||
|Using the command line interface||SSH and sudo access is optionally available with a charge made for setup time (account creation and adding public key(s) to the server), occe this is setup the occ command line interface to Nextcloud is available, see https://docs.nextcloud.com/server/13/admin_manual/configuration_server/occ_command.html|
|Independence of resources||Each virtual server has dedicated disk space and memory, CPU resources and bandwidth are shared across multiple virtual servers.|
|Infrastructure or application metrics||Yes|
|Reporting types||Real-time dashboards|
|Supplier type||Not a reseller|
|Staff security clearance||Other security clearance|
|Government security clearance||None|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least every 6 months|
|Penetration testing approach||In-house|
|Protecting data at rest||
|Other data at rest protection approach||Our data centre provider has multiple physical access controls, preventing unauthorised physical access to systems.|
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||In-house destruction process|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||We backup the whole virtual server on a nightly basis|
|Backup controls||There is no direct client access to backup configuration.|
|Datacentre setup||Multiple datacentres|
|Scheduling backups||Supplier controls the whole backup schedule|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||TLS (version 1.2 or above)|
|Data protection within supplier network||TLS (version 1.2 or above)|
Availability and resilience
|Guaranteed availability||We provide 24x7 services except for planned and agreed maintenance. If services are not meeting customer requirements we provide discounted services for the next billing cycle.|
|Approach to resilience||Available on request|
We report outages via
1. Public Status page
2. Client accessible system metrics.
Identity and authentication
|Access restrictions in management interfaces and support channels||Management access is only via encrypted channels, and uses secure cryptographic ssh keys to identify personnel.|
|Access restriction testing frequency||At least every 6 months|
|Management access authentication||
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||Between 1 month and 6 months|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||No|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||Yes|
|Any other security certifications||ISO 27001 Lead auditor training|
|Named board-level person responsible for service security||No|
|Security governance certified||No|
|Security governance approach||As a small organisation we are not standards certified, however our security practices are informed by the OWASP and UK G-Cloud best practices. Staff have formal qualifications in ISO27001 and Information Security.|
|Information security policies and processes||
Our information security policies are informed by OWASP, ISO27001 and UK G-Cloud best practices.
The policies are implemented into automation techniques, which ensures consistent deployment and policy compliance.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
Configurations are held in version control systems giving cryptographically secure history and change log, and ability to revert configuration in event of error.
Changes are peer reviewed by team before commiting.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Potential threats are assessed according to CVE score and it's applicability to our infrastructure.
Systems and software are maintained at vendor supported versions.
Patches are installed through vendor supported methods ( example Windows update, apt-get upgrade ) at scheduled times, after testing.
Information about potential threats is obtained from vendor distribution channels, mailing list and the general Internet community.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
We continually monitor audit logs, and system utilisation metrics, giving baseline performance posture.
Systems that go outside of these heuristics generate alerts. For example, failed login count, excessive network or CPU utilisation, or possible malicious network traffic.
In the event of an alert being generated, systems are assessed for a root cause analysis. In the event of this being a compromise we use access and process controls to stop the compromise, whilst preserving data and log files in the event of they will be required.
Alerts are generated 24x7
|Incident management type||Supplier-defined controls|
|Incident management approach||
We have pre-defined processes for common events. Eg. Password compromise.
Users can report incidents via our support desk software
Incident reports will be provided via email should they be required.
|Approach to secure software development best practice||Supplier-defined process|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||Other|
|Other virtualisation technology used||Opensource Xen|
|How shared infrastructure is kept separate||Xen virtualisation provides each organisation an independent virtual operating system. Organisations processes and data are held in these separate virtual machines preventing unauthorised access on shared infrastructure|
|Price||£50 to £245 per virtual machine per month|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Terms and conditions document||View uploaded document|