Redstor Ltd

Redstor Pro

Redstor provides a full data management suite, specifically including: Fully redundant offsite backup; Data Archiving to save primary storage space; Multiple format search and discovery

Features

  • Instant Data Recovery
  • Secure Cloud Backup and Recovery/GDPR Compliant
  • Archiving
  • Disaster Recovery
  • O365 backups
  • Remote Access
  • Search and Insight
  • Local Copy
  • Data Migration
  • Centralised Management

Benefits

  • Eliminate downtime. Instant Data provides on-demand access to your data
  • End delays accessing archived data, whilst reducing primary storage costs
  • Meet your recovery targets with instant recovery
  • Discover, search and action the entirety of your data
  • Stop cloud lock-in. Move data between different clouds and platforms
  • Manage hundreds of sites through a single console
  • Capita Approved for the protection of SIMS
  • Compliant with the DFE's self certification requirements
  • Secure, Dual UK Data Centres, Redstor hold ISO 27001/22301/9001
  • 15 year track record delivering enterprise grade cloud solutions

Pricing

£0.50 a gigabyte

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@redstor.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

9 6 2 4 5 9 5 0 2 0 1 7 0 9 5

Contact

Redstor Ltd Sales
Telephone: 0118 951 5200
Email: sales@redstor.com

Service scope

Software add-on or extension
No
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
Some features not available for older operating systems (2008 original and older). Some features still in development for Macintosh machines.
System requirements
  • Windows
  • Macintosh
  • Linux clients available

User support

Email or online ticketing support
Email or online ticketing
Support response times
Our UK-based support team typically respond to queries within minutes. We have a detailed SLA agreement with varying guaranteed response times depending on severity, from 1 hour for the highest severity issues to 48 hours for the lowest severity.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
None or don’t know
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Unknown
Web chat accessibility testing
Unknown
Onsite support
Yes, at extra cost
Support levels
SEVERITY RATING ESTIMATED RESPONSE TIME 1 1 HRS 2 2 HRS 3 24 HRS 4 48 HRS SEVERITY RATING ESTIMATED RESOLUTION TIME 1 4 HRS 2 24 HRS 3 48 HRS 4 To be discussed with client. Severity rating one means that a critical Service is unavailable. The impact on the End User’s business is severe with multiple users unable to perform their normal work, or there is a serious, adverse business or financial impact. The users have no readily available alternative way of performing their normal work. Severity rating two means that a non-critical service is unavailable. There is a minor impact on business. The End User is having difficulty in performing their normal work or can undertake other work whilst the problem is being rectified. Severity rating three means that the Service is impaired. Therefore, there is no direct immediate impact on the End User’s business and its users; though employees are inconvenienced by the problem. The End User has readily available alternative ways of performing normal work. Severity rating four means that the End User requires additional services non-critical in nature. All support included as standard. Support is provided through a ticket system.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
Initial training is provided by web demonstrations from our operations and support team. Full onsite training is also available at additional cost. Full documentation is available in the form of FAQs and manuals available through the support site.
Service documentation
Yes
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
Customers can restore their data at any time before the end of the contract. Any archived data should be restored/downloaded before the end of the contract.
End-of-contract process
Data is retained for 30 days following termination. There is no extra charge for this.

Using the service

Web browser interface
No
Application to install
Yes
Compatible operating systems
  • Linux or Unix
  • MacOS
  • Windows
Designed for use on mobile devices
No
Service interface
No
API
Yes
What users can and can't do using the API
The API is developed and maintained by Redstor. Redstor provides an API (RESTful) as part of the service which allows users to perform a variety of actions. This includes the ability to query the storage platform for account information (reporting), provisioning accounts (automated/integrated provisioning) and much more. Further information regarding the use of the Redstor API can be found on our support site in the following user guide: https://partners.redstor.com/system/files/downloads/docs/redstor-backup-pro-v16/backuppro-sp-api-quick-guide-v16-rev1.pdf
API documentation
Yes
API documentation formats
  • Open API (also known as Swagger)
  • PDF
API sandbox or test environment
Yes
Customisation available
Yes
Description of customisation
The service provides various customisation options. These include but are not limited to; 1) Ability to customise collection/group structure. - Customer controlled via the management console 2) Ability to customise backup selections - Customer controlled via the management console/local agent 3) Ability to customise backup schedules - Customer controlled via the management console/local agent 4) Ability to customise features and functions that are used - Customer controlled via the management console/local agent 5) Ability to customise email reporting - Customer controlled via the management console/local agent 6) Ability to request custom reports. - Customer requested via support channels (email/telephone/form submission) and actioned by Redstor's support team.

Scaling

Independence of resources
As part of our adherence to ISO27001 (Information Security) and 22301 (Business Continuity) we maintain a Capacity and Storage Management Policy. This policy outlines how we manage capacity and storage for all our critical systems. We proactively monitor all platform components to ensure optimum service delivery and availability. The platform is designed with scale in mind and can be scaled up as required to meet the demands of our customer base. We also have load balancing in place to ensure that service degradation does not occur as a result of increased demand for our services.

Analytics

Service usage metrics
Yes
Metrics types
A variety of metrics are available in user configured dashboards and reports (automated or ad-hoc). These include total data stored in the cloud, data selected on client machines, rate of change per backup, backup duration, backup outcomes etc
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Staff screening not performed
Government security clearance
None

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
A third-party destruction service

Data importing and exporting

Data export approach
Backed up data can be downloaded directly or shipped on a NAS or USB device. The recovery process can be done in a variety of ways, for example browsing the backup and drag/drop individual files, streaming recovery or even recreating entire machines through bare metal recovery or as virtual machines using our Instant Data system. These options can be selected by the user from the recovery interface. More information on the recovery methods available can be found at support.redstor.com
Data export formats
Other
Other data export formats
  • Original format (files and folders)
  • VHD/VHDX/VMDK virtual machine
  • Bare metal recovery on similar hardware
Data import formats
Other
Other data import formats
  • Any file type can be backed up
  • Full server/workstation backups can be performed

Data-in-transit protection

Data protection between buyer and supplier networks
TLS (version 1.2 or above)
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
If REDSTOR fails to achieve the Services Level Targets specified for the Services above, and if the End User requests REDSTOR to do so within five (5) Business Days after the target is not met, the End User may claim a credit (up to a limit of £1000 per month) based on the monthly recurring charge for the Services (excluding any variable charges) calculated as a percentage as follows: Services availability in a given Month Rebate (% of monthly recurring charge) (“MRCs”) Less than 99.5% and greater than or equal to 98.0% 25% Less than 98.0% and greater than or equal to 95.0% 50% Less than 95.0% 75%
Approach to resilience
Redstor uses accredited UK based datacenters for our cloud product. Each server uses RAID6 for customer data, allowing two simultaneous disk failures without any data loss, and each server is mirrored to produce a second identical copy of the backup data in a separate datacenter. These datacenters are in physically separate locations to insure that in the event of even a large scale disaster the service will not be interrupted. Examples of the certifications for the datacenters we use are: PCI DSS SSAE 16/ISAE 3402 SOC-1 Type II FACT ISO27001
Outage reporting
Our management console and dashboard application is available to all authorised users, and there is an API should other monitoring be required. Planned maintenance windows are announced by email in advance.

Identity and authentication

User authentication needed
Yes
User authentication
Username or password
Access restrictions in management interfaces and support channels
Access to the management console is restricted via user accounts which are password protected. Each authorized user can be provided with a username and password which they can then use securely login to the management interface. Access to the support portal is twofold. Content defined as "public" is not restricted and can be accessed/consumed without the requirement for a unique login. For users to check the status of existing tickets via the portal login is required. This too is password protected and available to authorized users only.
Access restriction testing frequency
At least every 6 months
Management access authentication
Username or password

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
DAS Certification
ISO/IEC 27001 accreditation date
23/01/2018
What the ISO/IEC 27001 doesn’t cover
All UK services are covered by the 27001 certification.
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Redstor have put in place an Information Security Management System (ISMS) in order to ensure that all Information and Systems will be protected against data loss, unauthorised access and disclosure. The ensured confidentiality, integrity and availability of all processing services, both internal and external are of the utmost importance. Redstor consider Information Security aspects as a top priority for customer confidence and the protection of the brand. Redstor are committed to preserving the confidentiality, integrity and availability of all the physical and electronic information assets throughout the organization, in order to preserve its assets, legal, regulatory as well as contractual, compliance and image. Redstor is committed to providing a service according to client’s expectations, ensuring that we take all aspects of Information Security in delivering our services to our clients. It is the policy of Redstor to commit and maintain an ISMS designed to meet the requirements of the current ISO27001 standard in pursuit of its primary objectives. In order to drive continual improvement within the ISMS Redstor set objectives on an annual basis as part of the Management Review Process. All objectives are communicated to all staff and include key responsibilities, timescales and appropriate measures of success.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
As part of our adherence to ISO 27001, Redstor maintains a Change Management Policy and a Network Management Policy. The Change Management Policy stipulates that updates to hardware (including firewalls, routers, and switches) will take place as and when necessary to ensure the security vulnerabilities are patched at the earliest available opportunity having ensured the appropriate due diligence (research and testing) has taken place first. Changes are discussed, approved and tracked through to completion using our change management process to ensure any potential risks are minimised. Changes are also documented and audited within the Change Management System.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
As part of our adherence to ISO 27001, Redstor maintains a Change Management Policy. The policy stipulates that updates to software and hardware will take place as and when necessary to ensure the security vulnerabilities are patched at the earliest available opportunity having ensured the appropriate due diligence (research and testing) has taken place first. Changes are discussed, approved and tracked through to completion using our change management process to ensure any potential risks are minimised. Changes are also documented and audited within the Change Management System Redstor also operates a weekly risk meeting to discuss vulnerabilities/risks in depth.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
We routinely review audit logs from each of our systems to ensure compliance with our security policies in adherence to ISO27001. We maintain/monitor each of our systems on a daily basis ensuring up-time and sufficient capacity as per our capacity planning and storage management policy. We maintain 24/7/365 monitoring of all production systems. Redstor also maintains a Malware Protection Policy and a Management of Technical Vulnerabilities Policy. Redstor uses a variety of controls to reduce the risk of virus infection of our systems/services. Redstor also provides security awareness notifications/training to staff to ensure that such risks are minimised.
Incident management type
Supplier-defined controls
Incident management approach
In adherence to ISO27001, Redstor maintains an Information Security Incident Policy. The policy details this at length. Herein is an extract: Employees report the security incident to the Technical Department via the Helpdesk, phone or email; the IMS Representative will then raise an Improvement Form, if the incident is considered to be minor. On form completion the IMS Management Representative will conduct the requisite investigation or the Technical Department will investigate and fix the problem. If required, the incident will be escalated to a Director. The Improvement Process should be followed in this instance. Further detail can be provided.

Secure development

Approach to secure software development best practice
Supplier-defined process

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.50 a gigabyte
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
Full use of the service for a limited time period – usually two weeks

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@redstor.com. Tell them what format you need. It will help if you say what assistive technology you use.