Infosys Limited

Infosys Cloud Foundation, Cloud Build, Cloud migration services

We help build a cloud environment that minimizes the IT footprint, optimizes costs and performance while ensuring effective management and governance. Infosys leverages partnerships with established cloud providers like AWS, Microsoft Azure, Google Cloud and Oracle. Our services focus on automation,RPA,Bots etc

Features

• Strategy & Incubation
• Transformation (Build and Migrate)
• Cloud Journey accelerator tools
• Cloud Automation
• Cloud Operation optimization
• Center of Excellence
• Cloud Migration assessment framework
• Flexible Delivery Model

Benefits

• Infosys has Premium partnership with AWS, Azure, Google and Oracle
• 500+ engagement, 4750+ certified experts, 15800+ consultants
• Enterprise Ready Cloud Foundation setup as early as 45 days
• Reducde time to market using DevOps enabled Infosys Automation framework
• Cost Flexibility - Variability of costs every Month
• MTTR - 50% - 70% reduction in time and effort
• Lower IT Operational cost - ~50% less operational cost
• Value of agility - Faster delivery of products/services
• Flexible service level - Minimal changes required for SLA change
• Automation for Infrastructure-as-code and confguration-as-code

£180 to £1,400 a person a day

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Peter.Gill@infosys.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

909439905972392

Contact

Peter Gill
+44 7391393866
Peter.Gill@infosys.com

Service scope

• Service constraints: None
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Email, Ticketing support depends on the operating model for each engagement. Based on the customer business requirement we will have Service Level agreements for response and resolution time.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: N/A
• Onsite support: Onsite support
• Support levels: We provide all levels of support, Level 1, level 2 and Level 3. from Cloud engineer to Cloud Solution archirect to technical account manager to cloud program manager
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide customised solutions for every customer based on the customer requirements.; We provide the design documents, User guides, Online training to the end users.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats: Ppt, word
• End-of-contract data extraction: If Infosys owns the Cloud account, at the end of contract we either; 1. Take the backup of the data and share in the format requested by the buyer or; 2. Migrate the data to the next service provider and provide the transition
• End-of-contract process: End of the contract is subject to terms and conditions of the contract with the respective customer

Using the service

• Web browser interface: Yes
• Using the web interface: 1. Cloud provider web Console is used e.g. AWS webconsole for AWS services, Users can manage all services using Web interface
• Web interface accessibility standard: WCAG 2.1 AAA
• Web interface accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Cloud Service provider offered APIs. Example: AWS API.; we can access, manage and change all the services using API
• API automation tools:
  • Ansible
  • Chef
  • OpenStack
  • Terraform
  • Puppet
  • Other
• Other API automation tools: SDKs available for various programming languages- Java, Python, .Net
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: We can access, manage and change all the services using API

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Auto Scaling of the resources as the demand increase
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: AWS, Microsoft Azure, Google Cloud, Oracle Cloud

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Less than once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with another standard
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• Backup controls: 1. Based on the customer requirements and approved backup and recovery tools we will schedule the backup schedules.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: We will implement site-site VPN between buyer's and our/Cloud provide network.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • Other
• Other protection within supplier network: Encrypt data in-transit and data at rest

Availability and resilience

• Guaranteed availability: Guaranteed availability is provided by the respective cloud providers
• Approach to resilience: Infosys will build the resilience in the system using High Availability, Disaster Recovery and Backup solutions provided by the respective public cloud providers.; ; For Ex:; 1. In case of AWS, AWS regions are groups of independent data-centers. Every region is made up of two or more Availability Zones, which are independent and isolated data-centers. Using EC2 instances across multiple availability zones and also using managed services, like auto scaling, ELB and S3 will provide better resilience and high availability.
• Outage reporting: E-mail Notification

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: User, password, MFA, Public Key, Role based Access Using Identity and Access Management services offered by the Cloud Provider.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Bureau Veritas Holding SAS - UK
• ISO/IEC 27001 accreditation date: 2017
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials
  • ISO 27001:2013
  • SSAE 18 SOC 1 Type II

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Infosys as an organisation is aligned and certified to ISO 27001:2013 which is an Industry recognized information security standard. Infosys’ Information Security Policy framework is aligned and certified to ISO 27001:2013 Information Security Standard. The information security framework is supported by a set of supplementary policies, procedures & standards aimed at achieving the enterprise level information security objectives.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Provides systematic approach to control life cycle of all changes, facilitating beneficial changes to be made with minimum disruption to IT services. Change Management offers ITIL-aligned processes for normal, standard, and emergency change types.; Normal change: Follows complete change lifecycle including peer or technical approval, management, Change Advisory Board (CAB) authorization before being implemented, reviewed, closed.; Standard change: Frequently implemented, repeatable implementation steps, low risk, proven history of success.; Emergency change: Covers fix on fail or retroactive situations where impact to service has been experienced or fail situations where the impact to service is imminent if action is not taken.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Infosys has a defined process to monitor all threats including security vulnerabilities and we engage in periodic vulnerability scanning and penetration testing of systems.; ; Regular vulnerability assessment & penetration testing(VA/PT) is conducted on sample internet facing infrastructure and applications by Information Security Group(ISG) as well as an independent external agency. Penetration Testing exercise is conducted every quarter on Corporate Critical Infrastructure & Applications on sampling basis. External agency is engaged every alternate quarters (once in 6 months) to perform the VA/PT, for remaining two quarters ISG performs the VA/PT.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Infosys has an enterprise security information and event management platform (SIEM) which collects, correlates, monitors and stores logs from various critical enterprise infrastructure and retains the same for one year. The log monitoring and analysis is done at the 24/7 x 365 operational Global Security Operation Centre (GSOC). There are preconfigured alerts on the platform which triggers as an incident and are worked upon based on the severity defined and the associated standard operating procedure. The incidents are detected, investigated, closed and the track is maintained as knowledgebase
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We follow ITIL incident management process

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Other
• Other virtualisation technology used: Supplier. Virtualisation technology is provided by the respective public cloud providers
• How shared infrastructure is kept separate: Virtualisation technology is provided by the respective public cloud providers

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Cloud service provider like AWS , Azure maintains their datacentre as per EU code

Pricing

• Price: £180 to £1,400 a person a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

• Modern Slavery statement

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at Peter.Gill@infosys.com. Tell them what format you need. It will help if you say what assistive technology you use.