MDS Technologies Limited

Datto SaaS Protection for Office 365 and G Suite

MDS Technologies provides Office 365 & G Suite Backup from Datto. Datto SaaS Protection protects email, files and sites hosted in SaaS applications from any kind of unwanted deletion, ransomware, and app overwrite errors.

Features

• Automated 3x a day backup of your most important apps
• Automatic archiving of deprovisioned users
• Recovery from ransomware in the cloud
• SOC 2 Type II Compliance and HIPPA compliance support
• Protection of business-critical cloud data

Benefits

• One supplier for consultancy, design, implementation and support
• Bespoke fixed rate packages
• IT Consultancy to maximise benefits of your IT
• Strategic technology partnerships – We’re not tied to one supplier.

£2.40 to £2.40 a user a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Framework

G-Cloud 12

Service ID

947556996692823

Contact

Ben Grantham
01225 816280
sales@mds.gb.net

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Office 365 subscriptions covering Teams, SharePoint, etc.
• Cloud deployment model: Private cloud
• Service constraints: Planned maintenance for core SaaS product
• System requirements:
  • Office 365 account and subscription
  • G Suite account

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Tickets are responded to on a priority basis. We aim to respond to ALL initial questions within 15 minutes during normal business hours (7:30-17:30 Mon-Fri).
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: MDS' standard support includes Project Managers, Service Delivery Managers, Technical Account Managers, Support Engineers Monday-Friday between the hours of 7:30-17:30. We aim to respond to ALL incidents and requests within 15 minutes, with a priority on resolving P1 incidents.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Customers on-boarding the service with MDS Technologies will need a project which manages their entry or exit, the scope of which will depend on the entry/exit parameters. The price for this will be by application and use the SFIA day rates appropriate to the work being completed. As part of the on-boarding process customers will be provided with the following:; - information on the ordering and invoicing process:; - how to terminate your contract; - after sales support
• Service documentation: No
• End-of-contract data extraction: The administrator of the Datto SaaS protection account can securely export users data using user name, date range and files to various formats of:; Email MBOX format, then to PST (3rd party tool); Calendar: to iCal (ICS) format; Contacts: to .VCF format; OneDrive: to a zip file; SharePoint sites: to a zip file
• End-of-contract process: The price is a monthly cost with a minimum term.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: Yes
• Description of service interface: Self service portal to allow backup, and restore of files.
• Accessibility standards: None or don’t know
• Description of accessibility: Via a web browser
• Accessibility testing: N/A
• API: No
• Customisation available: No

Scaling

• Independence of resources: The service is reviewed by Datto to look at resource levels.

Analytics

• Service usage metrics: Yes
• Metrics types: Datto user portal
• Reporting types:
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Datto

Staff security

• Staff security clearance: Conforms to BS7858:2012
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: The administrator of the Datto SaaS protection account can securely export users data using user name, date range and files to various formats of:; Email MBOX format, then to PST (3rd party tool); Calendar: to iCal (ICS) format; Contacts: to .VCF format; OneDrive: to a zip file; SharePoint sites: to a zip file
• Data export formats:
  • CSV
  • Other
• Other data export formats:
  • MBOX
  • ICS
  • VCF
  • ZIP
• Data import formats: CSV

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: All service level agreements are as per the ones supplied by Datto, and published by them.
• Approach to resilience: Available on request to Datto.
• Outage reporting: Email alerts.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Supplier defined controls.
• Access restriction testing frequency: Never
• Management access authentication:
  • 2-factor authentication
  • Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: LRQA
• ISO/IEC 27001 accreditation date: 03/11/2017
• What the ISO/IEC 27001 doesn’t cover: MDS' risk assessment process has highlighted that the following area of ISO27001 is out of scope: 14.2.7 Information Systems: Outsourced Development
• ISO 28000:2007 certification: No
• CSA STAR certification: Yes
• CSA STAR accreditation date: 28/10/2016
• CSA STAR certification level: Level 1: CSA STAR Self-Assessment
• What the CSA STAR doesn’t cover: Nothing
• PCI certification: No
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Essentials Plus
  • PSN Connection Certificate

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials; Cyber Essentials Plus
• Information security policies and processes: We follow the policies and procedures laid down in ISO 27001:2013 standard. In particular, our Information Security Management System contains all of the policies that support our security management approach. Our Information Security Policy provides the highest level policy statements which is supported by a comprehensive Acceptable Use Policy which all staff must sign before being granted any system/Network access. Additional policies cover key areas including Security Incident Management, Management Review, Document Control, Data Protection, Access Control, Business Continuity, Encryption, Patch Management and Auditing. As part of our Service Implementation Process we carry out a pre-handover security audit to ensure that we have met the required MDS Security standards as well as any specific customer security requirements which have been agreed. All of the above is supported by an extensive internal and external (UKAS accredited) Audit programme which ensures that we maintain the high level of security standards laid down in our processes.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: The components of your services are tracked through their lifetime; changes are assessed for potential security impact
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Operational security processes are confidential
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Operational security processes are confidential
• Incident management type: Supplier-defined controls
• Incident management approach: Operational security processes are confidential

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Pricing

• Price: £2.40 to £2.40 a user a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Provided directly with Datto.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF