This G-Cloud 10 service is no longer available to buy.

The G-Cloud 10 framework expired on Tuesday 2 July 2019. Any existing contracts with Fifosys Limited are still valid.
Fifosys Limited

Secure Managed Fifosys Private Cloud

Fifosys provide a private cloud platform hosted from two UK third party data centres for organisations that require a custom approach not provided by the public cloud. Our infrastructure has been in place since 2012 providing a dedicated hosted IT infrastructure for clients to access their systems remotely.

Features

  • Real Time reporting
  • Scaleable on demand
  • Remote Access
  • Client isolation
  • Dedicated bandwidth

Benefits

  • Can scale to meet the needs of the organisation
  • Can be easily accessed on the move
  • Removes the need for large investment in on-premise infrastructure
  • Fully managed and maintained environment

Pricing

£0.20 a gigabyte a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at m.patel@fifosys.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 10

Service ID

8 6 9 6 3 2 8 1 2 3 1 7 1 8 2

Contact

Fifosys Limited Mitesh Patel
Telephone: 02076442610
Email: m.patel@fifosys.com

Service scope

Service constraints
Service constraints include a planned maintenance window that will be agreed with the client to allow for proactive maintenance.
System requirements
Standard connectivity via VPN

User support

Email or online ticketing support
Email or online ticketing
Support response times
The Fifosys service desk is available 247 365 days of the year. This service provides a fully manned operation with engineers sitting in front of screen, taking calls, responding to emails and monitoring systems. Fifosys respond to incidents much faster than our SLA. We maintain a response and resolution time of 20 minutes for 86% of incidents to our desk. Our SLA is 1 hour for a priority 2 & 3 and 20 minutes for a priority 1. But we average 8 minutes response times to email support requests. These response times do not vary at weekends.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Fifosys provide 1st, 2nd and 3rd line support 24/7/365. Our Network Operations Centre (NOC) proactively monitor, maintain and remediate clients systems. This is all standard service as part of our pricing model. We provide a team which includes an IT Manager who manages the Service team (NOC & Support), an Account Manager who is responsible for day to day management of the account from a sales perspective, and Technical architects who are responsible for discussing and identifying the right technical solutions for our clients.

We encourage clients to make use of tools we provide giving full visibility of what we do, including access to a service portal to view Service Desk activity. Our incident reports and status reports give clients the information needed if anything does not meet expectations we will be open in our resolution. This forms the basis of agreed KPIs to help gain trust and sustain long professional relationships.

This data is a central focus of Service Reviews and is invaluable in identifying training needs, potential problems or areas where systems aren’t delivering what the organisation needs. This detail has been noted in external quality audits and by vendors specialising in managed service applications and CRM systems.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
We provide a tailored training program for the cloud service dependant on the requirements. This can include on-site training, workshops or on-line training. This can even be combined if required.

We have a large repository of user documentation that we share on how to use the various elements of the service.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Data can either be extracted manually bu the users or Fifosys can be instructed to provide all of this data on removable media. The user must supply or agree to the costs of Fifosys supplying the media.

This data is then removed from our systems and backup.

Any configuration documentation relating to the service and configuration items will be exported from our IT glue system and provided to the client in PDF format
End-of-contract process
Extracting the users live data is included in the price of the contract as are all termination fees.

Any media required to export data is not included and this must be purchased by the user or the user must agree to the costs of Fifosys purchasing this on their behalf.

The export of historic backups is not included as this can be a time-consuming process and the cost is dependant on how many generations of data need to be exported.

All licencing within the cloud is also provided on an SPLA basis and therefore remaining the property of Fifosys

Using the service

Web browser interface
No
API
No
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
We allocate sufficient resource and performance across the platform to support all the users and their requirements. We do not allow automatically scaling and any new services are provisioned by our support staff to ensure that there are no unexpected peaks in demand.

Regular capacity planning on the environment takes place to ensure we are prepared for growth.

The environment is also proactively monitored by our 24/7/365 NOC and alerts automatically generate tickets in our CRM system if services go outside their configured thresholds.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
Performance
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Files
  • Virtual and physical servers
  • Network Attached Storage ( NAS)
  • Storage Area Network (SAN)
  • Database Applications
  • Software Applications
Backup controls
Users have a high degree of granular options to configure the backup schedule. By default we configure all backups for every hour but there are options for critical systems to backup as frequently as every 5 minutes. As part of the installation process we agree the frequency across each file type, virtual server or critical application to sign off the backup schedule.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • IPsec or TLS VPN gateway
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
We provide a 99.9% SLA on the data centre environment.

Users are refunded up to 10% of the monthly cost of hosting if we do not meet the SLA
Approach to resilience
Our datacentre environment is highly resilient. All hardware has a minimum of N+1 for redundancy. The entire environment is replicated to a 2nd site to protect against a complete data centre outage and there are multiple connection paths in and out of the data centre.

The cloud environment is also proactively monitored 24/7/365 to ensure that any failures or predicted failures can be dealt with as soon as possible.

Further details of the resiliance are available on request.
Outage reporting
Any service outages would be reported via email alerts. Any outages would be classed as a priority 1 - High impact incident and follow our high impact incident process.

Users would be continuously updated on progress of the issue until resolved.

Identity and authentication

User authentication
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
Only authorised individuals from our organisation can manage the system and strong authentication is in place. The management layer is segregated from the service networks to prevent any issues affecting service.

All access to the systems are through N-able and an audit trail is in place.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Username or password
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users receive audit information on a regular basis
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
BSI
ISO/IEC 27001 accreditation date
11/09/2017
What the ISO/IEC 27001 doesn’t cover
Dont Know
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Information data security is an essential part of the Fifosys business. The directors recognise the need for its clients and end users information data to remain secure and confidential at all times. Clients and Fifosys internal departments collaborate to ensure that data stays secure.
Information data security systems are reviewed at regular intervals and outcomes are made available to other relevant organisations. Current policies exist for the following which are audited each year as part of our ISO 27001 accreditation:
Information Security Organisation
Classifying Information and Data
Controlling Access to Information and Systems
Processing Information and Document
Purchasing and Maintaining Commercial Software
Securing Hardware, Peripherals and Other Equipment
Fifosys Personnel
Detecting and Responding to Incidents
Business Continuity

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow the ITIL framework for change and configuration management.

All changes are logged in our ERP system - Connectwise and changes must include a reason, the technical steps, the risk assessment, the service impact, a rollback plan, a test plan and a schedule of communications. All changes, once submitted are reviewed by the change management board.

All configuration are also tracked in Connectwise with installation date, service/warranty expiry, any 3rd party details and any associated configuration. Automatic updates of configuration items is also performed from our RMM tool, (N-Able) to Connectwise.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
We are continually assessing threats to our service. We use automated cyber security tools such as cyberscore from XQ cyber ( A Check service provider) to continuously poll our environment for new threats and suggest remediation plans.

We patch our and our clients servers every week using our automated patch management service.

We also deploy next generation firewall products with anti malware protection, constantly upgraded from Cisco and we employ automated Ransomware protection across all our servers.

We get our sources of threats from our multiple partners including, Microsoft, Cisco, VMware, XQ Cyber and N-able
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We use our proactive monitoring tool (Nable), to identify threats. This monitors all aspects of the environment from servers to networking to anti-virus.

Data is also proactively monitored for RansomWare attacks through our backup solution.

When a threat or compromise is detected a ticket is automatically logged in our ERP system (Connectwise) and handled as a priority 1 ticket.

We respond to these incidents within 15 minutes
Incident management type
Supplier-defined controls
Incident management approach
Our incident management process is based on the ITIL framework for service management. Incidents are categorised into service issues where IT has failed and support issues where IT hasn't failed i.e. a new user request.

We have pre-defined processes for common events such as new users, subject access requests, permission changes, mobile device setup, upgrade and client specific common tasks.

Users can report incidents via phone, email or online portal.

Incident reports are provided to pre determined stakeholders in PDF format for high impact incidents and users can check directly in the online portal for normal or low impact incidents.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
Organisations are provided with their own dedicated virtual machines. Although multiple organisations may have virtual machines on the same physical server hardware, they are segregated at a network level via VLAN.

A VLAN is created for each client and each VLAN is explicitly denied communications with another VLAN at both the switch and firewall level.

Energy efficiency

Energy-efficient datacentres
No

Pricing

Price
£0.20 a gigabyte a month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at m.patel@fifosys.com. Tell them what format you need. It will help if you say what assistive technology you use.