Computer Doctor Lab

Encrypted Cloud Web Hosting

Serving and hosting secure, SSL 256-bit encrypted web pages and documents

Features

  • Remote access via secure portal
  • SSL 2040-bit security
  • 256-bit encryption for all cloud services
  • Ongoing security auditing and monitoring
  • Secure control panel for cloud service admins
  • Cloud service activity logging and analytics
  • UK/EU-based cloud servers
  • On-demand self-service
  • Centralised risk management
  • Remote virtual desktops

Benefits

  • Reduced IT costs
  • Scalability
  • Business continuity
  • Collaboration efficiency
  • Flexibility of work practices
  • Automatic security updates
  • Rapid service deployment
  • Reducing ongoing costs
  • Reducing carbon footprint
  • Data integrity and availability

Pricing

£1000 per licence

  • Education pricing available

Service documents

G-Cloud 10

847043901260522

Computer Doctor Lab

Joseph Naghdi

02075161077

joseph@computerdoctor.co.uk

Service scope

Service constraints Planned maintenance
Planned system upgrades
System requirements
  • Licences for commercial or customised software
  • Licence for Windows Server Operating Systems

User support

Email or online ticketing support Email or online ticketing
Support response times Weekdays from 9am-6pm within 2 hours
Weekends and bank holidays and out of hours excluding Christmas Day and New Year's Day within 4 hours.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.0 A
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support Web chat
Web chat support availability 9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard WCAG 2.0 AA or EN 301 549 9: Web
Web chat accessibility testing Web chat support has been in constant use since 2014 and has proven itself to be extremely helpful to our business clients.
Onsite support Yes, at extra cost
Support levels Level 1: £55 + VAT per hour;
Level 2: £75 + VAT per hour;
Level 3: £110 + VAT per hour
Support available to third parties Yes

Onboarding and offboarding

Getting started Extensive written documentation and video training will be made available online covering the relevant service the clients opt for. We can provide initial onsite training if required.
Service documentation Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction All client data can be downloaded as a compressed file. If the user data exceeds 10GB in compressed format, it will be presented to the client on an encrypted, password-protected external hard drive.
End-of-contract process The cost of the provided media or hard drive onto which the client data has been stored will be extra.

Using the service

Web browser interface Yes
Using the web interface Plesk web portal by Odin;
Site and server security
Centralized control panel
Maximum compatibility
No limitation and full control for cloud service admins
Web interface accessibility standard WCAG 2.0 AA or EN 301 549
Web interface accessibility testing We have used and tested Plesk cloud service management and provision since 2014 and have tested all its capabilities.
API No
Command line interface No

Scaling

Scaling available Yes
Scaling type
  • Automatic
  • Manual
Independence of resources Services are scaled over multiple servers and data centres and as a consequence a spike on system or service usage or increased traffic at peak times will affect the quality of service.
Usage notifications Yes
Usage reporting
  • Email
  • SMS

Analytics

Infrastructure or application metrics Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types Reports on request

Resellers

Supplier type Reseller providing extra features and support
Organisation whose services are being resold Microsoft, Google, Amazon Web Services

Staff security

Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations Yes
Datacentre security standards Supplier-defined controls
Penetration testing frequency At least once a year
Penetration testing approach ‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Explicit overwriting of storage before reallocation
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery Yes
What’s backed up
  • All files
  • Virtual Machines
  • Databases
  • Images
  • OS images
Backup controls We will set up data backup versioning in multiple cloud locations and automate the process with proactive admin oversight 24/7. Data backup and server restoration testing will be put in place to ensure the integrity of the backed-up data.
Datacentre setup Multiple datacentres
Scheduling backups Users schedule backups through a web interface
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability SLAs in place for guaranteed service availability and clients are compensated proportional to the length of time the interruption occurred. These will be specified in the SLA
Approach to resilience All cloud services are hosted on multiple platforms and data centres to ensure resilience and high availability. Details available on request.
Outage reporting Emails are sent to clients.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels We apply user policies to ensure each user has appropriate and proportionate access to systems and services in line with their position and duties without infringing or overriding the rights of other users. Access is controlled by defined policies and/or manual intervention when required by a team of system admins.
Access restriction testing frequency At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (provider's own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information Users contact the support team to get audit information
How long user audit data is stored for User-defined
Access to supplier activity audit information Users contact the support team to get audit information
How long supplier audit data is stored for User-defined
How long system logs are stored for User-defined

Standards and certifications

ISO/IEC 27001 certification No
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications Yes
Any other security certifications
  • CISSP
  • CISSP-ISSMP
  • CCFP
  • CISM

Security governance

Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes Information will be protected against unauthorised access and processing in accordance with its classification level. Breaches of this policy are reported. We use annual internal audits and penetration testing will be appraised and adjusted through the principles of continuous improvement, as laid out in ISO27001 clause 10.

Operational security

Configuration and change management standard Supplier-defined controls
Configuration and change management approach Configuration and change management – We ensure that changes to the system have been properly tested and authorised. Changes should not unexpectedly alter security properties; Vulnerability management – We identify and mitigate security issues in constituent components; Protective monitoring – We put measures in place to detect attacks and unauthorised activity on the service; Incident management – We ensure we can respond to incidents and recover a secure, available service
Vulnerability management type Supplier-defined controls
Vulnerability management approach Constant monitoring identifies threats to services and we take immediate action to eliminate the threat or the breach. System and software patches and upgrades are implemented on a weekly basis while ensuring no service disruption occurs.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Potential compromises are identified via proactive monitoring, routine checks and pen testing. All breaches are dealt with immediately once the extent and the nature of the breach have been identified.
Incident management type Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach The first goal of the incident management process is to restore a normal service operation as quickly as possible and to minimize the impact on business operations, thus ensuring that the best possible levels of service quality and availability are maintained. 'Normal service operation' is defined here as service operation within service-level agreement (SLA). Users can report incidents to the help by phone, email, ticketing or online chats. Once normal service has resumed, a report is produced and submitted to the client upon request.

Secure development

Approach to secure software development best practice Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart Yes
Who implements virtualisation Supplier
Virtualisation technologies used Hyper-V
How shared infrastructure is kept separate Compute separation is provided by a hypervisor. Network and storage virtualisation techniques are also employed.

Energy efficiency

Energy-efficient datacentres Yes

Pricing

Price £1000 per licence
Discount for educational organisations Yes
Free trial available No

Documents

Pricing document View uploaded document
Terms and conditions document View uploaded document