Our Cloud Hosting service consists of the provision of infrastructure, software and administrative tasks to make applications securely available to clients over the Internet.
We offer clients a global, platform-agnostic service. We are experienced in delivering scalable, secure and rapidly deployed hosting solutions via all of the public cloud providers.
- Multi vendor based consultancy, platform selection and design service
- DevOps based provisioning of automated resources using configuration management tools
- Fully managed SLA based 24x7x365 support
- In-service capacity and availability management
- Backup, Restore and recovery services
- Security services including DDoS mitigation, IPS/IDS, WAF, etc.
- Proactive platform monitoring for availabity, performance and security
- Proactve maintenance of entire operating system and technology stack
- Performance tuning & capacity planning
- ITIL based service for Change, Event, Incident and Release Management
- Expertise of a fully accredited Google Premier partner
- Unique full service managed services offering within a digital agency
- Over 20-years experience hosting some of the worlds busiest websites
- A single supplier to take complete responsibility for the platform
- Understanding of the entire technology stack, including applications and integrations
- In depth expertise with DevOps to maximise automation
- ITIL processes underpinned by ServiceDesk portal for efficient service management
- Efficient management of third parties
- TCO & ROI management through effective planning and provisioning
£600 per person per day
|Service constraints||The scope of our services are defined for each client based on their requirements. During the discovery phase of our engagement we ensure that the relevant support, infrastructure, configuration, development, platform, security, data, content and application needs are met based on the request and the scope of the engagement is agreed between both parties.|
|System requirements||System requirements are agreed based on Client needs.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||
The Service Desk is accessible to named client individuals and any relevant 3rd parties that are responsible for providing services under the Agreement. Our web based incident management portal, provides work flow, audit trail and reporting. The portal is available 24/7 and is monitored for new incidents and requests, users can also request support by telephoning the Service Desk.
Our aim is to meet the following SLA Response Targets is based on 4 levels of Priority
*1-Critical, response within 30 minutes,
*2-High, Response within 1 hour,
*3-Medium response within 8 hours,
*4-Low within 16 hours.
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.0 AAA|
|Phone support availability||24 hours, 7 days a week|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Our managed hosting service is pro-actively managed and monitored by a team of skilled engineers. Incidents and requests are submitted to the web-based Service Desk tool. Further queries can be submitted to the Service Delivery Manager.
The team provides 1st-through-3rd line support, capturing and progressing incidents and requests logged via the Service Desk or monitoring systems, and escalating functionally within the team to appropriate areas of expertise or to Service Delivery Managers in the event of major incidents or client impacting changes. A named SDM and TAM will be allocated to the client. We engage with our clients to design the relevant support model to fit the business needs, this can be 24*7, or Working Hours only. We also define SLAs specific to client needs. Our standard target SLAs for response times are covered by the section on User Support.
|Support available to third parties||Yes|
Onboarding and offboarding
We have a defined on-boarding process which encompasses planning the service and assessing the service readiness. This includes:
• Planning key dates for the transition
• Developing risk mitigation plans
• Knowledge Sharing to ensure the team are trained in client specific applications where necessary.
• Acceptance Criteria to ensure that both parties agree on what constitutes service readiness, and allows us to transition seamlessly into a full support model.
• Introduction and Training on the Service Desk for clients and third parties
• Ways of Working sessions to agree how we work with key stakeholders, and define ways to report status
Handover and Transition
The handover phase is designed to ensure that the technical teams gain a thorough understanding of the service and/or applications that are being supported. During transition, a Technical Support Document (TSD) is created which forms the kernel of our knowledge base. This is maintained as a living document throughout the life of the support service and includes details such as release processes, branching strategies, runbook and QA Test Cases (automated and manual) documentation, among others.
|End-of-contract data extraction||
Off boarding is a defined process where we engage with the nominated supplier who will be taking over the support services, or client internal team as relevant.
• Planning key dates for the transition
• Developing risk mitigation plans
• Knowledge Sharing to ensure the new team have all documentation passed to them.
• Acceptance Criteria to ensure that both parties agree on what constitutes service readiness, and allows the client to transition seamlessly their new supplier.
We will provide all run books and technical documentation, and any source code files required as part of the handover process. Client can nominate whether to receive these directly or whether we work with the nominated supplier.
|End-of-contract process||The off boarding process is a stand alone cost. Should there be a requirement for this to be an inclusive fee within a fixed term contract this can be negotiated during the contract drawing up process.|
Using the service
|Web browser interface||Yes|
|Using the web interface||We identify key delivery objectives of availability, security, scalability and performance for our clients. Based on the requirements, we install and manage the hosting platform on behalf of our clients. As part of our Managed Services, we offer our clients access to the Service Desk. Any required changes to configuration, capacity or security protocols etc, a ticket would be raised to the Service Desk. This is allocated to the relevant team member to carry out the service request, or to work with the client to understand the requirements and provide the fulfillment of the request based on technical expertise and within a controlled change management process. This allows us to offer a seamless, broad and responsible support service to ensure the platform remains operational and successful at all times. Any activities on the production environment will go through a rigorous process including technical assessment, risk assessment, security assessment, approval and all changes that could have a service impact will be scheduled in alignment with client's business needs. All activities on our cloud hosting infrastructure are tracked via an Audit trail to provide an accessible record of implemented changes that can be used when troubleshooting failed changes or assessing post-change impact.|
|Web interface accessibility standard||WCAG 2.0 AAA|
|Web interface accessibility testing||
Our service desk is built using the Atlassian Stack which is fully compliant to WCAG 2.0 AAA.
Atlassian carry out regular testing on their tools to maintain accessibility, including assistive technology. This is done across a variety of screen readers and browsers and the recommended combination is to use NVDA with Firefox (PC) and VoiceOver with Safari (MAC).
Should any specific requirements be needed we are happy to liaise with Atlassian on behalf of clients for support in this area.
|Command line interface||No|
|Independence of resources||
By offering a cloud based solution, we ensure that services are independently maintained on a shared infrastructure but independent of each other.
We work with clients to understand the capacity and load baseline requirements, architecting the solution to support these needs and anticipated scalability requirements.
Once in production, our expert network and hosting architecture support teams pro-actively monitor and manage all service supporting components in the underlying data centre or Cloud infrastructure, including shared components such as load balancers, SAN storage and switching infrastructure.
|Infrastructure or application metrics||Yes|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||Google, Oracle, AWS, Microsoft Azure|
|Staff security clearance||Other security clearance|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||
|User control over data storage and processing locations||Yes|
|Datacentre security standards||Complies with a recognised standard (for example CSA CCM version 3.0)|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||
|Equipment disposal approach||Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
All machines are backed up fully each week, with daily incremental backups each night. Specific data can be backed up even more frequently if required, for example large, frequently changing databases may require their transaction logs to be backed up hourly. Custom backups can be made to tape for archival purposes. DigitasLBi will work with clients to develop a backup strategy that meets specific requirements.
The service retains backups for disaster recovery purposes only, not for content archiving, therefore only 14 days of backups are retained as standard.
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Users contact the support team to schedule backups|
|Backup recovery||Users contact the support team|
|Data protection between buyer and supplier networks||
|Data protection within supplier network||IPsec or TLS VPN gateway|
Availability and resilience
We offer a range of Availability SLAs, from 99.0% up to 99.99%, based on the platform, infrastructure and client requirements.
We use both internal and external monitoring services to monitor all aspects of the platform, every 5 minutes, to ensure availability is measured effectively and accurately.
Our hosting SLA covers all components of the infrastructure, including servers, storage and networking. We can also provide an availability SLA for the applications using our Application Support service.
Service credits are calculated on a percentage of the monthly hosting fees, based on the difference between the achieved SLA and the target SLA. They are credited monthly in arrears.
|Approach to resilience||
We architect our public cloud solutions to utilise the redundant and fault tolerance features of the cloud. Servers are distributed across multiple availability zones and regions and duplicated where appropriate to provide fault tolerance across all disaster scenarios.
The if the applications support it, we ca configure elastic scaling to ensure the infrastructure scales in line with demand, ensuring high performance across all traffic demands.
Where appropriate we can deploy cloud services to replace tradition server base software. This can save cost and provide better resilience and performance. A popular cloud service frequently deployed is database as a service, to replace tradition database servers and software.
We utilise the latest DevOps and Infrastructure-As-Code practices to create dynamic, scalable and resilient applications that are easy to maintain, cost efficient and reliable.
Our Incident Management process guides individual and team behaviour with the aim of detecting and logging incidents and requests and ensuring technical and management teams respond efficiently and effectively in order that requests are fulfilled and service is restored to clients as swiftly and stably as possible.
In the event of an outage, the Service Delivery Manager contacts the client to inform them. Client also has full access to the Service Desk, and is able to configure a dashboard to receive alerts on incidents and track resolutions in real time. Further updates are then communicated using a combination of methods, including the dashboard, ticket updates and incident reports in accordance with the severity of the outage as documented in our Incident Management process.
Identity and authentication
|Access restrictions in management interfaces and support channels||The default login for our service desk tools is based on username and password. On request, we can enable a two factor authentication process. This can be extended to 3rd party providers as well.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||
|Devices users manage the service through||
Audit information for users
|Access to user activity audit information||Users contact the support team to get audit information|
|How long user audit data is stored for||User-defined|
|Access to supplier activity audit information||Users contact the support team to get audit information|
|How long supplier audit data is stored for||User-defined|
|How long system logs are stored for||At least 12 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||Jon Russell|
|ISO/IEC 27001 accreditation date||1/1/1900|
|What the ISO/IEC 27001 doesn’t cover||Our data centre is covered by the ISO/IEC 27001 certification. We carry the principles of the ISO framework through to our development, application management and platform support offerings but these are self regulated.|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security accreditations||No|
|Named board-level person responsible for service security||Yes|
|Security governance accreditation||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||
We apply rigorous processes within our development framework to ensure that we develop, configure and manage applications and infrastructure to meet the security needs of our clients.
If an incident is identified as being a security incident either by an investigating engineer or by a security monitoring system then it is immediately escalated to senior technical colleagues, the service design and architecture team, the service delivery manager and the senior management team form a dedicated Security Response Team.
The incident investigation and resolution then proceeds with an elevated level of priority, and with greater emphasis on data capture and communication to senior internal stakeholders.
If the incident occurs on, or has an impact on a client service then relevant client stakeholders are informed immediately and the further progress of investigation and resolution can involve teams and workflows internal to the client, depending on business impact and compliance issues.
The process downstream of this is tailored to individual clients based on the nature of their business and information security policies.
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||
All significant or potentially service-affecting changes to component configuration are submitted to a change management process where they are technically reviewed, risk-assessed, scheduled and then re-reviewed post-implementation.
The assessment of all changes includes potential security impacts and a full risk analysis of the proposed change.
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||
Security reviews are performed every quarter and discussed at service review meetings. We also offer automated security testing during the release cycle to identify the top 10 OWASP vulnerabilities, plus hundreds of others.
An annual independent 3rd party vulnerability and security testing audit is recommended, using an independent ISO27001 security testing company. A suitable 3rd party vulnerabiltiy and security testing company can be identified as part of the full service offered.
Critical issues found are raised immediately via the service desk to be fixed by the support team under SLA.
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||
A centralised log management platform is used to log and audit access and intrusion detection and non security related activities.
Logs ingested by the CLMP are indexed, providing real-time searchable data for an holistic view of security, allowing multiple (apparently unrelated) logs to be linked in a single security event, enabling rapid real-time issue analysis.
Events can be configured to trigger alerts. If an attack is detected, alerts will be raised and outputs from the logging platform used to create a mitigation response. These alerts are integrated into our support service. All incidents and security events are resolved under SLA.
|Incident management type||Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402|
|Incident management approach||
Our ITIL compliant Incident and Request Management process guides individual and team behaviour with the aim of detecting and logging incidents and requests and ensuring technical and management teams respond efficiently and effectively in order that requests are fulfilled and service is restored to clients as swiftly and stably as possible.
Our Service Desk tool enables clients to raise Incidents direct to the support team. Incidents are triaged by a systems analyst and assigned to the relevant support team to resolve under SLA.
|Approach to secure software development best practice||Conforms to a recognised standard, but self-assessed|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||Yes|
|Who implements virtualisation||Supplier|
|Virtualisation technologies used||VMware|
|How shared infrastructure is kept separate||
A cloud-based solution, we ensure that services are independently maintained on a shared infrastructure but independent of each other.
We work with clients to understand the security requirements, architecting the solution to support these needs and incorporating best practice approach to security and access protocols.
A Virtual Private Cloud provides complete network layer separation from any other portion of the environment. A VPC acts as a container for any resources in a given region, including virtual machines, storage, security rules, database instances, Cloud Formation stacks etc. Authentication and DNS, span all VPCs – allowing, e.g. global user access control policies.
|Price||£600 per person per day|
|Discount for educational organisations||No|
|Free trial available||No|
|Pricing document||View uploaded document|
|Skills Framework for the Information Age rate card||View uploaded document|
|Service definition document||View uploaded document|
|Terms and conditions document||View uploaded document|