Beyond Systems Limited

Smart Cloud Controller

The Beyond Smart Cloud Controller is a unique service that manages a customer’s Oracle “Universal Credits” efficiently by shutting down and starting up cloud environments to a user defined schedule

Features

  • Ability to consume service credits as needed
  • Stop and start cloud environments to a schedule
  • Make savings on Oracle Universal Credits
  • Monitor and estimate Oracle Universal Credits
  • Optimised usage of Oracle Universal Credits

Benefits

  • Control Oracle Universal Credits
  • Efficient use of Oracle Universal Credits
  • Encourages a green carbon footprint
  • Optimised usage of Oracle Universal Credits
  • Reduces Oracle spend on cloud infrastructure

Pricing

£10,000 an instance

  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.daynes@wegobeyond.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

9 5 2 2 7 4 6 9 0 1 3 0 1 1 3

Contact

Beyond Systems Limited Mark Daynes
Telephone: 08450940998
Email: mark.daynes@wegobeyond.co.uk

Service scope

Service constraints
The service is dependent upon an Oracle database cloud which will on occasion require service patches itself.
System requirements
Oracle Cloud Database

User support

Email or online ticketing support
Email or online ticketing
Support response times
During working hours Mon-Fri 9.00 -17.00 - questions are acknowledged same day. Response times are rolled forward to the next working day if raised at weekends
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
9 to 5 (UK time), Monday to Friday
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
With any assignment we undertake we will discuss with the customer as the level of support that they require and make appropriate provisions.
Support available to third parties
No

Onboarding and offboarding

Getting started
We help the customer setup, connect and configure the Smart Cloud Controller initally to work with their cloud setup.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
Once the contract ends, the service will be deleted along with the data. For applications that hold users data, an extraction process will be agreed with the user prior to the contract end date where a charge will be agreed.
End-of-contract process
At the end of the contract the cloud service will be terminated which is included in the cost. Additional charges will be agreed for any data extraction required at the termination.

Using the service

Web browser interface
Yes
Using the web interface
The users can use the application to schedule the stop and start of their services
Web interface accessibility standard
WCAG 2.1 AAA
Web interface accessibility testing
Oracle regularly conducts testing to ensure that the user interfaces are perceivable, operable and understandable by people with range of abilities. Continually testing coding, visual operation, manual operations, too-assisted operations across people with and without disabilities.
API
No
Command line interface
No

Scaling

Scaling available
No
Independence of resources
The service itself requires very little system resources therefore we do not anticipate users will be affected by the demand of other users.
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
No

Resellers

Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Oracle Corporation

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Other
Other data at rest protection approach
Data at rest is held on an Oracle Hosting Service and this is protected by Oracle's own standards.
Data sanitisation process
Yes
Data sanitisation type
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
Yes
What’s backed up
The database
Backup controls
A request for backup frequency is arranged directly with Beyond at the start of the contract.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
The data protection between buyer and supplier is controlled by third party hosting providers but this is usually - TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
The application can be available 24 hours per day but on occasion the Database provider, Oracle, will need to take short service intervals to apply patch and security updates. Where necessary, Service Levels and outcomes will be agreed with the customer prior to any engagement. Under such circumstances, we would be happy to discuss Financial Recompense Models.
Approach to resilience
Available on request
Outage reporting
Email alerts and/or telephone calls to impacted customers

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
Access restrictions in management interfaces and support channels
Access is restricted in management interfaces and support channels by roles within the application to ensure only those authorised can access the system
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
Devices users manage the service through
Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
No audit information available
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber Essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
No
Security governance approach
Our security governance aims to be compliant with ISO:27001:2013
Information security policies and processes
Beyond have a written security policy available on request. Security roles are assigned to specific individuals with their defined responsibilities, including access security as well as the network. Beyond are Cyber Essentials Certified

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All change is governed by a Change Management Board. A configuration and change management log tracks all changes needed and the reason, plus the person responsible for making the change. All change must be approved by our Project Manager and this approval date is recorded in the configuration log. All technical changes are controlled by source control system so we are able track any change that has triggered an error.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Monitoring and assessment is a continual process and we deploy counter measures before potential threats arise. We work closely with Oracle who advise of potential threats and patches as they are identified.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Monitoring and assessment is a continual process. We work closely with Oracle who advise on any potential threats when they arise. All potential compromises are dealt with as urgent and requiring immediate assessment and resolution.
Incident management type
Supplier-defined controls
Incident management approach
At the start of the engagement the incident management process is agreed with the customer along with how they wish to report incident as well as how they wish reports to be issued to them.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
No

Energy efficiency

Energy-efficient datacentres
No

Pricing

Price
£10,000 an instance
Discount for educational organisations
No
Free trial available
Yes
Description of free trial
1 month free trial is available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at mark.daynes@wegobeyond.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.