Sungard Availability Services (UK) Ltd

Managed Cloud Services for UK Government. Sovereign Private Cloud (Official)

Sungard AS’s Sovereign Managed Cloud Services for UK Government (Official) service is validated and assured to process data marked as Official (Official-Sensitive). PSN Assured, Protected, PSNP A+P, and Internet connectivity are available. Each customer is assigned one or more Virtual Data Centre(s) with compute, network, storage resources and operating systems.

Features

  • Hosted within Police National Accreditor Approved UK datacentres
  • Fully redundant multi-tenancy multi-site enterprise infrastructure
  • A dedicated SC Cleared UK-based Service Operations team
  • PSN Assured and Protected, PSNP A and P, and Internet
  • Reserved Public Services Network (PSN) bandwidth
  • Up to 99.99% Availability Service Level Agreement (SLA)
  • Protective monitoring of the platform and available for customer workloads
  • Security Domain connection gateway
  • Aligned with the NCSC 14 Cloud Security Principles
  • Accreditation Advisory Services

Benefits

  • Fully Managed Services
  • Reduction in overall costs and compliance risks
  • Flexibility in computing demands
  • Consume infrastructure within an OPEX-based financial model
  • Pre-accredited platform - customer only has to accredit their applications

Pricing

£59 a virtual machine a month

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government@sungardas.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

9 0 4 6 2 7 7 9 0 8 9 4 5 9 9

Contact

Sungard Availability Services (UK) Ltd Sungard Availability Services
Telephone: 0800 143 413
Email: government@sungardas.com

Service scope

Service constraints
The service includes planned maintenance arrangements to perform routine and scheduled maintenance of the platform. This is required to maintain availability and ensure security integrity of the service. It is also required to adhere to service certifications to continue to connect and provide services on the PSN.

For customer's Virtual Data Centre (VDC) or workload environments and specific only to this, standard and routine maintenance, including the implementation of security and critical patching, fixes or hardware and software upgrades, the planned maintenance windows are agreed with the customer. This is managed in line with the PSN patching requirements.
System requirements
  • Managed OS are hardened which includes Anti-Virus
  • All VMs include Anti-Virus
  • IPSec VPN over the Internet
  • Access to Assured and Protected Zones (different security domains)
  • Windows OS 2008 R2 and 2012 R2 supported
  • Redhat Linux OS 6.5 and 7 supported
  • Fully managed firewalls and networking
  • Remote management access is via a secure laptop
  • UK only access
  • Security clearance for administrators

User support

Email or online ticketing support
Email or online ticketing
Support response times
In relation to incidents the following response times are:
Priority 1 = 15 minutes
Priority 2 = 30 minutes
Priority 3 = 60 minutes
Priority 4 = 2 hours

In relation to service requests, we acknowledge according to the following times:
Priority 1 = 15 minutes
Priority 2 = 30 minutes
Priority 3 = 60 minutes
Priority 4 = 12 hours
These times are determined once the service request is categorised, classified and assigned an owner.

The service desk is available 24 by 7 and 365 days a year to respond to questions.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We offer different levels of support according to the type of VMs:

- For Dev and Test (Alpha/Beta) virtual machines on shared platform, the service desk is available 24/7 with a support window from 8:00am to 6:00pm UK time, Monday to Friday (excluding UK holidays). Out of Hours (OOH) for change implementation and P1/P2 support when required.

- For Standard (Production) and High Availability (Production) virtual machines on shared platform and Production Managed Physical Hosts, the service desk is available 24/7 and the support window is 24/7.

We provide service managers at an extra cost, enhanced service management is available as a chargeable service.

The service follows ITIL v3 best practice processes and procedures.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
As a fully managed service, we provide full on-boarding services through our consulting and operational teams.

We have user documentation such as on-boarding and service management documentation covering how to raise tickets, service request, change, escalations etc.

We can also offer customers with onsite training at additional cost.
Service documentation
Yes
Documentation formats
  • HTML
  • ODF
  • PDF
  • Other
Other documentation formats
  • Microsoft Word
  • Microsoft Powerpoint
  • Microsoft Excel
End-of-contract data extraction
Full data extraction is available through our kiosk process which allows data to be moved to a destination of the customer's choice.

Enhanced data erasure is also available with additional cost.
End-of-contract process
At the point of termination, all your data, accounts and access will be securely deleted; there will be no mechanism to subsequently recover data after this point.

Full data extraction is available through our kiosk process which allows data to be moved to a destination of the customer's choice.

Enhanced data erasure is also available with additional cost.

Using the service

Web browser interface
Yes
Using the web interface
We provide customers access to a web portal that allows them to raise incidents, service request and change.

Full administrative access to the VMs can be achieved through the through 3rd party remote access laptop.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Our web portal is accessible through a standard internet browser.
Web interface accessibility testing
No assistive technology users have been used to test the web interface.
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
Users have the option to purchase contended and uncontended VMs.

Uncontended VMs have guaranteed memory and CPU reservations avoiding the customer's service being affected by the demand of other users.

Storage is allocated to the VMs on a dedicated basis.

Performance is continually monitored and re-balancing across resources can be undertaken with zero downtime.
Usage notifications
Yes
Usage reporting
  • Email
  • Other

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • VM patching levels
  • Anti-Virus update status
Reporting types
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Scale, obfuscating techniques, or data storage sharding
  • Other
Other data at rest protection approach
Sungard AS provides “known locations for storage, processing and management” of the service and all data within.

All Sungard AS UK Ltd contracts are with a UK registered Company and are governed under UK Law.

Sungard AS data centres conform to a recognised standard. The operating locations which host and manage Sungard AS's Managed Cloud Services for UK Government (Official) are certified to ISO27001. All UK Data Centres undergo an annual review against ISAE 3402 Type II.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Virtual Machines
  • Files
  • Databases
  • Network configuration
Backup controls
Through initial backup policy capture during on-boarding from a list of options and through service request during in-life service. This is available to different VMs.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Sungard AS implements IPsec VPNs for the protection of administrative traffic.
All vendor patch downloads and imports are protected via TLS.

Network segregation is further enforced utilised using multiple firewalls and VLANs. These controls have been verified via ITHC.

Sungard AS Customer portal is protected via TLS

Availability and resilience

Guaranteed availability
Up to 99.99% availability assured by contractual commitment
Approach to resilience
Sungard AS offers an SLA for customers for Service availability.
Single-site service availability for a customer is 99.5%.
Dual-site service availability for a customer is 99.9%.
All service elements within a single site are resilient and are redundant between sites catering for high availability services.
Sungard AS can provide a system design review and analysis with the customers if required. This is available on request and at additional charges.
Outage reporting
Sungard AS reports any outage via email alert to customers.

Identity and authentication

User authentication
  • 2-factor authentication
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
The Sungard AS secure service administration adopts the “dedicated devices on a segregated network” model. This is a “known service management architecture”.

This offers the highest segregation and separation of the management functions.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Lloyd's Register Quality Assurance
ISO/IEC 27001 accreditation date
3/12/2013
What the ISO/IEC 27001 doesn’t cover
The following is what is covered. The manage of the processes, the people and assets operating out of Sungard AS's LTC ,TC2, TC3, TC4 datacentres and the TC5 data centre operations team, that support our Managed Cloud Services for UK Government (Official) service, and supporting functions (Finance, Procurement, Legal and HR functions) within our Theale and LTC A offices are covered by it's ISO/IEC 27001 certification.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
  • PSN Code of Connection
  • PSN Service Provision
  • ISAE 3402 (formerly SAS 70)
  • ISO 22301 (formerly BS 25999)
  • ISO 27031 (formerly BS 25777)
  • Cyber Essentials Plus
  • ISO 20000

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Sungard AS has an information security management system that certifies to ISO27001 which includes an overall security policy. Adherance to the policies is regularity audited by an independent external provider.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Sungard AS has a governance process in place to track all assets and to review and manage change to the platform. This process is encompassed within the Sungard AS ISO27001 certification.

All changes are reviewed and approved including impact from a security perspective before implementation.
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Sungard AS applies patches to the platform, including customer managed elements in accordance with the PSN Code of Compliance patching regime. Critical patches within 14 Days; Important Patches within 30 Days; Other Patches within 60 Days

Sungard use automated Vendors tools to retrieve and manage the application of patches.

A patching policy is in place and the estate is regularly checked for patch compliance via the annual ITHC. Multiple ITHC’s are undertaken each year.

Where emergency patches are required to address an imminent threat to the platform or service then the Sungard AS change management process can support this.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Sungard AS employs a Protective Monitoring service that complies with GPG13 and operates at the DETER assurance level.

The Service monitors events from all the infrastructure and management elements of the platform. Events of interest raise alerts to the 24 x 7 SOC. Any suspicious activity is then notified to the Sungard AS Secure operations team.

Sungard AS allows customers to implement their Own Protective Monitoring regime for the application and Operating Systems of guest workloads. Customers can also elect to have a managed service provided by Sungard AS which results in events being sent to the same SOC.
Incident management type
Supplier-defined controls
Incident management approach
Sungard AS has a defined incident management process which is available on request.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
Sungard AS use virtualisation technologies to provide separation between customer workloads.

Compute separation is enabled through the VMware ESXi product configured in accordance with NCSC recommendations. Customers may implement physical devices as part of their service, separation of these is provided through network separation.

Network separation between customers is achieved through virtual routing and forwarding (VRF) technologies and virtual networking capabilities (such as virtual firewall instances for each customer). Network separation within a customers service is provided by virtual LANs (VLANs).

Storage separation is enabled through virtualised storage within the Netapp FlexPod storage architecture.

Separation has been verified by ITHC.

Energy efficiency

Energy-efficient datacentres
No

Pricing

Price
£59 a virtual machine a month
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
Sungard AS offers a Proof Of Concept (POC) trial for free for a limited period upto 3 months. This is for a small VDC with the required compute, storage and network to stand up an application in the Assured Zone (security domain that has connectivity to the Internet).

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at government@sungardas.com. Tell them what format you need. It will help if you say what assistive technology you use.