Kiwi IT Solutions Ltd

365v Hosted Desktop Service

The 365v Hosted Desktop will provide the experience of a full desktop including core business applications in an internet connected, highly secure environment without the significant capital expenditure that would be required to develop suitable in-house solutions.

Features

  • Customizable Hosted Desktop Solutions
  • Application Delivery
  • Secure Multi-Factor Authentication
  • 24/7/365 Support
  • Fully Scalable
  • ISO27001 and ISO9001 accredited provider
  • Citrix XenApp Technology

Benefits

  • Reduces your IT operating and capital expenditure costs
  • Reduces your IT Support and Adminstration requirements
  • Users can work from any location using different devices
  • Fully managed, secure platform with full scalabity
  • 24/7/365 support available

Pricing

£24.99 a person

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom.may@kiwiit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

8 4 3 0 6 4 0 5 3 3 7 3 9 4 7

Contact

Kiwi IT Solutions Ltd Tom May
Telephone: 0843 224 9301
Email: tom.may@kiwiit.co.uk

Service scope

Service constraints
Kiwi IT continually improves its core infrastructure in order to provide the highest levels of service, therefore it is necessary to carry out essential works every so often.

This is planned and scheduled carefully with our clients to ensure that any disruption for customers and their services are kept to a minimum.
System requirements
  • Almost any software can be run within the hosted desktops
  • Third Party vendor licensing requirements need to be met

User support

Email or online ticketing support
Email or online ticketing
Support response times
1 hour response
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
All 365v customers have the same level of support from our dedicated support team including 24/7 support for the hosted platform, on-site support available on request.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
An onsite audit and initial project discovery is conducted which includes a client survey. This is then followed by Project Initiation Documentation to be signed off by the client prior to the start date of the project which defines the scope and timescales involved. Onsite assistance for the 'Go live' is included together with the relevant user training.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data will be extracted via the Cloud Department and provided to the client using encrypted external media.
End-of-contract process
At the end of the contract we will assist with the process of extracting the data for handover, any other costs incurred will be agreed with the client in advance.

Using the service

Web browser interface
Yes
Using the web interface
The 365v Hosted Desktop platform is accessible to any supported device from any location at any time. Users connect via a supported web browser which facilitates access to their hosted desktop. This service is strictly configured and administered via Kiwi's internal Cloud department. All user and administration requests must come via the Service desk.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
The Web interface is support by but not limited to the following Web browsers:

Internet Explorer 10
Microsoft Edge
Mozilla Firefox
Google Chrome
Web interface accessibility testing
Testing has been completed by the software vendors.
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
The platform is continually monitored for performance. The underlying hardware providing the service always has more resources available to reduce the risks associated with reduced performance due to other users demands.
Usage notifications
No

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
Never
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Virtual Machines
  • Databases
Backup controls
Backups are taken three times a day as standard, 6am, 12am and 6pm. Additional backups can be performed as required which is discussed within the initial project discovery process.
Datacentre setup
Single datacentre with multiple copies
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

Guaranteed availability
Standard SLA of 99.999% for service availability.

Credits are retrospectively issued on monthly basis for any loss of service outside of the agreed SLA.
Approach to resilience
The hosted desktop platform is housed at a secure UK based Tier -IV datacentre providing redundant power, cooling and internet connections. The server and network infrastructure in place includes High Availability and failover including both SAN and Hypervisor based replication.
Outage reporting
Email alerts

Identity and authentication

User authentication
  • 2-factor authentication
  • Username or password
Access restrictions in management interfaces and support channels
Access restrictions are in place based on seniority of staff, different accounts are used for traceability.
Access restriction testing frequency
At least once a year
Management access authentication
Dedicated link (for example VPN)
Devices users manage the service through
Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
No audit information available
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Lloyds Register
ISO/IEC 27001 accreditation date
09/04/2018
What the ISO/IEC 27001 doesn’t cover
Nothing excluded
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Kiwi IT operate to industry-recognised best practice information security processes, within the framework of ISO 27001, to preserve the confidentiality, integrity and availability of information.

We plan and engineer our delivery processes around the industry-recognised ISO9001 and ISO 27000 standards ensuring that we deliver to the highest standards of IT Service Management.

We have an IMS management team with clear accountability that support the continuous review and improvement of the company IMS.

We apply quality, local and industry standards that apply to Kiwi IT operations. The continual improvement of Kiwi’s IT Service Management and supporting processes is a key discipline promoted across the business.

We operate to our documented policies, procedures and processes where applicable.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow our internal change management process prior to any changes being implemented. All stages are have two be authorised and documented within our change management documentation and the relevant staff notified.

Patch testing is completed and security implications assessed prior to changes to the platform.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Secuirty audits are performed regularly with and treats such as Viruses, malware, etc. are constantly assessed. We have enrolled for information alerts from the relevant vendors and patches are applied as soon as possible (usually within 24 hours) following our change control process.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Regular security audits are performed regularly and discussed internally. We have enrolled for information alerts from the multiple vendors. All relevant patches are applied as soon as possible (usually within 24 hours) following our change control process.
Incident management type
Supplier-defined controls
Incident management approach
Incidents are logged via phone calls, email, or the client web portal. They are automatically classified based on the criteria and severity prior to being assigned by a manager to the appropriate team. Incident reports are generated automatically and sent to clients either weekly or monthly based on their preference.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
VLAN's together with restricted permissions are used to separate services between clients.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Kiwi IT Solution use Six Degrees Datacentre in Warickshire, Six Degrees worked with IT sustainability consultancy Carbon3IT to review all of their UK data centres for energy efficiency best practices and their alignment with the EU Code of Conduct.

Pricing

Price
£24.99 a person
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
30 days free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tom.may@kiwiit.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.