Secure Managed Fifosys Private Cloud
Fifosys provide a private cloud platform hosted from two UK third party data centres for organisations that require a custom approach not provided by the public cloud. Our infrastructure has been in place since 2012 providing a dedicated hosted IT infrastructure for clients to access their systems remotely.
Features
- Real Time reporting
- Scaleable on demand
- Remote Access
- Client isolation
- Dedicated bandwidth
Benefits
- Can scale to meet the needs of the organisation
- Can be easily accessed on the move
- Removes the need for large investment in on-premise infrastructure
- Fully managed and maintained environment
Pricing
£0.20 a gigabyte a month
- Education pricing available
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at m.patel@fifosys.com.
Tell them what format you need. It will help if you say what assistive technology you use.
Framework
G-Cloud 10
Service ID
8 6 9 6 3 2 8 1 2 3 1 7 1 8 2
Contact
Fifosys Limited
Mitesh Patel
Telephone: 02076442610
Email: m.patel@fifosys.com
Service scope
- Service constraints
- Service constraints include a planned maintenance window that will be agreed with the client to allow for proactive maintenance.
- System requirements
- Standard connectivity via VPN
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- The Fifosys service desk is available 247 365 days of the year. This service provides a fully manned operation with engineers sitting in front of screen, taking calls, responding to emails and monitoring systems. Fifosys respond to incidents much faster than our SLA. We maintain a response and resolution time of 20 minutes for 86% of incidents to our desk. Our SLA is 1 hour for a priority 2 & 3 and 20 minutes for a priority 1. But we average 8 minutes response times to email support requests. These response times do not vary at weekends.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
-
Fifosys provide 1st, 2nd and 3rd line support 24/7/365. Our Network Operations Centre (NOC) proactively monitor, maintain and remediate clients systems. This is all standard service as part of our pricing model. We provide a team which includes an IT Manager who manages the Service team (NOC & Support), an Account Manager who is responsible for day to day management of the account from a sales perspective, and Technical architects who are responsible for discussing and identifying the right technical solutions for our clients.
We encourage clients to make use of tools we provide giving full visibility of what we do, including access to a service portal to view Service Desk activity. Our incident reports and status reports give clients the information needed if anything does not meet expectations we will be open in our resolution. This forms the basis of agreed KPIs to help gain trust and sustain long professional relationships.
This data is a central focus of Service Reviews and is invaluable in identifying training needs, potential problems or areas where systems aren’t delivering what the organisation needs. This detail has been noted in external quality audits and by vendors specialising in managed service applications and CRM systems. - Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
We provide a tailored training program for the cloud service dependant on the requirements. This can include on-site training, workshops or on-line training. This can even be combined if required.
We have a large repository of user documentation that we share on how to use the various elements of the service. - Service documentation
- Yes
- Documentation formats
- End-of-contract data extraction
-
Data can either be extracted manually bu the users or Fifosys can be instructed to provide all of this data on removable media. The user must supply or agree to the costs of Fifosys supplying the media.
This data is then removed from our systems and backup.
Any configuration documentation relating to the service and configuration items will be exported from our IT glue system and provided to the client in PDF format - End-of-contract process
-
Extracting the users live data is included in the price of the contract as are all termination fees.
Any media required to export data is not included and this must be purchased by the user or the user must agree to the costs of Fifosys purchasing this on their behalf.
The export of historic backups is not included as this can be a time-consuming process and the cost is dependant on how many generations of data need to be exported.
All licencing within the cloud is also provided on an SPLA basis and therefore remaining the property of Fifosys
Using the service
- Web browser interface
- No
- API
- No
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
-
- Automatic
- Manual
- Independence of resources
-
We allocate sufficient resource and performance across the platform to support all the users and their requirements. We do not allow automatically scaling and any new services are provisioned by our support staff to ensure that there are no unexpected peaks in demand.
Regular capacity planning on the environment takes place to ensure we are prepared for growth.
The environment is also proactively monitored by our 24/7/365 NOC and alerts automatically generate tickets in our CRM system if services go outside their configured thresholds. - Usage notifications
- Yes
- Usage reporting
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- Disk
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
- Performance
- Reporting types
-
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Not a reseller
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
- Protecting data at rest
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- A third-party destruction service
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Files
- Virtual and physical servers
- Network Attached Storage ( NAS)
- Storage Area Network (SAN)
- Database Applications
- Software Applications
- Backup controls
- Users have a high degree of granular options to configure the backup schedule. By default we configure all backups for every hour but there are options for critical systems to backup as frequently as every 5 minutes. As part of the installation process we agree the frequency across each file type, virtual server or critical application to sign off the backup schedule.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users contact the support team to schedule backups
- Backup recovery
-
- Users can recover backups themselves, for example through a web interface
- Users contact the support team
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- Private network or public sector network
- IPsec or TLS VPN gateway
- Data protection within supplier network
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
-
We provide a 99.9% SLA on the data centre environment.
Users are refunded up to 10% of the monthly cost of hosting if we do not meet the SLA - Approach to resilience
-
Our datacentre environment is highly resilient. All hardware has a minimum of N+1 for redundancy. The entire environment is replicated to a 2nd site to protect against a complete data centre outage and there are multiple connection paths in and out of the data centre.
The cloud environment is also proactively monitored 24/7/365 to ensure that any failures or predicted failures can be dealt with as soon as possible.
Further details of the resiliance are available on request. - Outage reporting
-
Any service outages would be reported via email alerts. Any outages would be classed as a priority 1 - High impact incident and follow our high impact incident process.
Users would be continuously updated on progress of the issue until resolved.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Dedicated link (for example VPN)
- Username or password
- Access restrictions in management interfaces and support channels
-
Only authorised individuals from our organisation can manage the system and strong authentication is in place. The management layer is segregated from the service networks to prevent any issues affecting service.
All access to the systems are through N-able and an audit trail is in place. - Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Username or password
- Devices users manage the service through
- Dedicated device on a segregated network (providers own provision)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- User-defined
- Access to supplier activity audit information
- Users receive audit information on a regular basis
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- BSI
- ISO/IEC 27001 accreditation date
- 11/09/2017
- What the ISO/IEC 27001 doesn’t cover
- Dont Know
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Other security certifications
- Yes
- Any other security certifications
- Cyber Essentials
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
Information data security is an essential part of the Fifosys business. The directors recognise the need for its clients and end users information data to remain secure and confidential at all times. Clients and Fifosys internal departments collaborate to ensure that data stays secure.
Information data security systems are reviewed at regular intervals and outcomes are made available to other relevant organisations. Current policies exist for the following which are audited each year as part of our ISO 27001 accreditation:
Information Security Organisation
Classifying Information and Data
Controlling Access to Information and Systems
Processing Information and Document
Purchasing and Maintaining Commercial Software
Securing Hardware, Peripherals and Other Equipment
Fifosys Personnel
Detecting and Responding to Incidents
Business Continuity
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
-
We follow the ITIL framework for change and configuration management.
All changes are logged in our ERP system - Connectwise and changes must include a reason, the technical steps, the risk assessment, the service impact, a rollback plan, a test plan and a schedule of communications. All changes, once submitted are reviewed by the change management board.
All configuration are also tracked in Connectwise with installation date, service/warranty expiry, any 3rd party details and any associated configuration. Automatic updates of configuration items is also performed from our RMM tool, (N-Able) to Connectwise. - Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
-
We are continually assessing threats to our service. We use automated cyber security tools such as cyberscore from XQ cyber ( A Check service provider) to continuously poll our environment for new threats and suggest remediation plans.
We patch our and our clients servers every week using our automated patch management service.
We also deploy next generation firewall products with anti malware protection, constantly upgraded from Cisco and we employ automated Ransomware protection across all our servers.
We get our sources of threats from our multiple partners including, Microsoft, Cisco, VMware, XQ Cyber and N-able - Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
-
We use our proactive monitoring tool (Nable), to identify threats. This monitors all aspects of the environment from servers to networking to anti-virus.
Data is also proactively monitored for RansomWare attacks through our backup solution.
When a threat or compromise is detected a ticket is automatically logged in our ERP system (Connectwise) and handled as a priority 1 ticket.
We respond to these incidents within 15 minutes - Incident management type
- Supplier-defined controls
- Incident management approach
-
Our incident management process is based on the ITIL framework for service management. Incidents are categorised into service issues where IT has failed and support issues where IT hasn't failed i.e. a new user request.
We have pre-defined processes for common events such as new users, subject access requests, permission changes, mobile device setup, upgrade and client specific common tasks.
Users can report incidents via phone, email or online portal.
Incident reports are provided to pre determined stakeholders in PDF format for high impact incidents and users can check directly in the online portal for normal or low impact incidents.
Secure development
- Approach to secure software development best practice
- Conforms to a recognised standard, but self-assessed
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- Yes
- Who implements virtualisation
- Supplier
- Virtualisation technologies used
- VMware
- How shared infrastructure is kept separate
-
Organisations are provided with their own dedicated virtual machines. Although multiple organisations may have virtual machines on the same physical server hardware, they are segregated at a network level via VLAN.
A VLAN is created for each client and each VLAN is explicitly denied communications with another VLAN at both the switch and firewall level.
Energy efficiency
- Energy-efficient datacentres
- No
Pricing
- Price
- £0.20 a gigabyte a month
- Discount for educational organisations
- Yes
- Free trial available
- No
Service documents
Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format,
email the supplier at m.patel@fifosys.com.
Tell them what format you need. It will help if you say what assistive technology you use.