Cognizant Technology Solutions UK Limited

Disaster Recovery Service

Cognizant Disaster Recovery Services provides replication and hosting of physical or virtual servers to enable customers to have a disaster recovery environment to switch over to in the event of an event affecting availability of the primary production platform.

Features

  • Point in Time Recovery
  • Enterprise-class replication
  • Recovery orchestration and automation BC/DR technology
  • Highly responsive to the business needs
  • 360 Data Validation
  • Multiple Performance & Redundancy Tiers

Benefits

  • Provides continuous data protection
  • Simplifies management of your disaster recovery strategy
  • Greatly reduces storage and bandwidth needs
  • Automates failover, failback and DR testing
  • Reduced Operation Costs
  • Capacity Management

Pricing

£37.70 per instance per month

Service documents

Framework

G-Cloud 11

Service ID

9 7 4 6 3 7 0 3 3 9 9 3 2 6 7

Contact

Cognizant Technology Solutions UK Limited

Paul Todd

+44 (0) 7711 588 127

paul.todd@cognizant.com

Service scope

Service constraints
Private cloud element can be provisioned as per customer requirement. The public cloud element would have the same set of constraints that are applicable for public cloud environments like AWS or Azure.
System requirements
  • Baseline for compute and storage aspects of service
  • Data location and transmission requirements must be defined by customer

User support

Email or online ticketing support
Email or online ticketing
Support response times
We have SLA response times of approximately 15 minutes.

Resolution SLAs depend upon ticket priority levels and vary from 1 hour for highly critical failures to 4 hours for low priority queries.
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
24 hours, 7 days a week
Web chat support accessibility standard
WCAG 2.1 AA or EN 301 549
Web chat accessibility testing
Basic Testing
Onsite support
Onsite support
Support levels
We provide 24/7 L1, L2 and L3 levels of onsite support based on the customer's requirements and on the criticality of the environment.
We provide a technical account manager for each account. We also provide cloud support engineers to help with the service. The resource will be available on a dedicated or shared basis depending upon the customer's requirements.
We typically provide 99.99% availability at the platform level and can provide enhanced availability levels through a highly redundant design at additional cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
The following documents help the users to start using the services
- Service Management Readiness - Ticketing tool to log tickets
- KEDB - This Known Error Database (KEDB) will be a reference book for the users to fix issues autonomously
- Standard Operating Procedure - This document will provide the support details of different stakeholders and how to reach procedures

Apart from these, we also provide a handover and training to customer users once the service is setup which will enable client users to get started quickly on the system.
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
For private cloud, data will be migrated back to the client and devices will be decommissioned.
For public cloud, data will be migrated to the client, then it will be overwritten and we will end the cloud subscription.
Or, we transfer the credentials and we signoff, after which the client will change the credentials.
Alternatively, we can provide extracts of all data within the system to users as a dump and allow the vendor who is providing the replacement system to migrate the data.
End-of-contract process
At the end of the contract the access of the users to application will be removed
• Customer proprietary documentation access to the users should be revoked
• All the revoking steps must be documented and signed off by the customer
• In Flight project documentation and knowledge transfer is provided to the customer and the new vendor in a series of arranged sessions
• All documentation regarding the customer environment is handed over to the customer

We also provide a transition to the vendor who is taking over the management of the system and the scope of services being provided under the current contract.

Using the service

Web browser interface
Yes
Using the web interface
We provide a self-service portal, template-based service catalogs and configurable workflows to accelerate cloud application deployment, reduce errors and empower end-users. With our portal, applications can be deployed in minutes instead of weeks, increasing employee productivity and reducing time-to-market.
Users can request items from service catalogue such as virtual machines and storage, etc. Users can deploy pre-configured templates for deployment of virtual machines or entire environments through the web interface. Other features available include:
- Creation of user groups / assign rights to user groups
- Control metering and chargeback to different business LOBs
- Reporting and analytics
- Commissioning and decommissioning of environments
- Load balancing, firewall changes
- Monitoring profiles keep track of IT resources such as memory, CPU, storage and networks
- Pre-defined policies and management rules which can be applied across resources in an organisation
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
No work to date, however we have the capabilities to work with assistive technology users as is shown by our accessibility standards.
API
Yes
What users can and can't do using the API
Provisioning and Orchestration - Enabling easy deployment and management of applications on cloud environments, ranging from simple websites to complex business applications. With the help of pre-defined and customisable polices, users can orchestrate application environments with a single click.

Monitoring and Auto Remediation - 24x7 policy-based monitoring of the entire IT setup, providing a 360-degree visibility and control over the entire environment in real time.

Metering and Chargebacks - Detailed consumption metering and granular reporting to identify the real cost of delivering business services for improved planning and budgeting. Utilisation of resources, such as memory, CPU, and network results in greater compliance, cost visibility, reduced IT costs, and greater accountability across business units.

Analytics and Advisory - Analytics and reporting capabilities let you view the utilisation trends and provide a comprehensive audit trail of user activities allowing you to control the consumption of resources across various environments. This results in greater accountability, improved compliance, higher return on investment and lower cost of ownership.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • SaltStack
  • Terraform
  • Puppet
  • Other
Other API automation tools
  • Powershell
  • Node.js
API documentation
Yes
API documentation formats
  • HTML
  • PDF
Command line interface
Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
Using the command line interface
Resource and configuration management can be done through the command line interface. All functionalities for the resources under management are done through the provided web interface.

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
We provide physically segregated systems for some users where demand for other clients doesn’t affect services for other users. In some cases, where there is only logical segregation, we ensure that there are adequate global capacity pools which can be leveraged in the event that one customer is accessing a larger burst workload. Tolerances are defined at the beginning of the engagement.
Usage notifications
Yes
Usage reporting
  • API
  • SMS

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Number of connections
  • Success rate of transactions
  • Availability status
  • Storage capacity
  • Network perfomance
  • Active number of users
  • Number of tickets raised
  • Number of SLA's breached
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
  • EU-US Privacy Shield agreement locations
  • Other locations
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least once a year
Penetration testing approach
In-house
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
  • Incremental backup of system information
  • Full backup of system information
  • Data files
  • Environment snapshots
  • Virtual machine images
  • Database copies
  • Automation procedures
  • Workflows
Backup controls
Backup schedules are agreed in advance with the users. During the contract, changes to the schedule are enabled through change control.
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Supplier controls the whole backup schedule
Backup recovery
Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data protection between buyer and supplier networks
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection between networks
Cognizant can provision for both the Network and the Application Layer data protection. Shared networks incorporating routing controls are configured to ensure that computer connections and information flows do not breach access control policies of business applications. Offshore deployments are on logical segregation. Individual projects are uniquely categorised under specific VLAN. VLANs are restricted based on the project need. Access control lists are built based on the request received from Client Security team/Project. Cognizant has home grown utility for logging access control polices on project demand and approval process.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
Other protection within supplier network
Department specific VLANs have been implemented in the firewalls and these are centrally managed by the IT team. Inter VLAN restriction is in place to provide adequate security. Access to department-specific files and shares are controlled through a “firewall change request” raised by associates via the internal portal. This request needs to be approved by the respective project managers and is then processed by the IT team. All firewalls are in high availability mode with hot failover configuration.

Availability and resilience

Guaranteed availability
We offer industry standard availability (typically 99.99%). The standard SLA's are negotiated during the contract negotiation stage and we have a proven record in meeting those SLA's. However, in cases where we fail to meet the agreed SLA's, we have a SLA penalty provision in our contract which would be decided after discussion with the client.
Approach to resilience
Cognizant adopt an effective IT Resilience Strategy which addresses key characteristics such as performance, scalability, availability, stability and capacity encompassing Application Technology, Infrastructure and Business Processes.

This can be customised to offer the level of resiliency the customer needs and is available on request. Resiliency is typically offered through the following points:

- Design - No Single Point of Failure: Redundant Hardware Components - Full channel path redundancy - Remote site software replication to enable seamless DC failover - Multiple sources for alert generation, monitoring and response

- Monitoring - Advanced predictive monitoring - Remote Monitoring to provide system records error and statistical data

- Resolution - Non-disruptive Hardware Replacement - Provision for diagnosis and analysis before the user is aware of any disruption in services
Outage reporting
For planned outages, we will inform the clients well in advance through all the communication channels. In case the service reports any outage due to incident, we will immediately issue a high priority alert to the client with an estimated time of resolution while working on resolution of the outage.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
Access restrictions in management interfaces and support channels
The users are provided with ‘least privilege’ user access rights by default based on job role and function. The additional privileges are granted against a request from the user which is approved by the relevant Project Manager and the access is granted for specific time duration. One week before the expiry, the access needs to be renewed, if required. If the access is not renewed, it is revoked on last working day originally assigned.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
Devices users manage the service through
Dedicated device on a segregated network (providers own provision)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
Standardisation Testing and Quality Certification, IT Department, Government of India
ISO/IEC 27001 accreditation date
02/07/2015
What the ISO/IEC 27001 doesn’t cover
The following locations, business process, data centers are out of ISMS scope:
1. Cognizant's Sales and Marketing Offices
2. Data centres used for hosting services/client delivery
3. Core logic business division
4. Cognizant finance process
5. Any other development centres not mentioned in facility details of SOA
6. Cognizant Academy
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Cognizant has a well-defined ‘Corporate Security Policy’ which is approved by the Chief Security Officer (CSO) of the Corporate Security team. Cognizant’s Corporate Security Policy and supporting Cognizant Standards, Processes, Guidelines and Procedures extensively cover security requirements to manage security risk for the client, for Cognizant and for the client’s information assets. The scope of the security policy covers all Cognizant business units and affiliates, all Associates, all its partners, suppliers (including contractors, and sub-contractors working with or delivering work products to Cognizant), service providers and all Cognizant infrastructure and information processing assets.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
Both the Customer or Cognizant may request change to the original scope of work at any time using the Change Request (CR). All CR details are recorded in a Change Log. Each CR will be analysed in terms of impact on the original scope, schedule, cost, effort, and quality. The increased scope of work on project schedules and/or planned resources will be assessed.

Cognizant’s configuration management process is designed in order to:
1.Provide IT Management with greater control over IT Assets of the organization
2. Provide accurate information to other ITIL/MOF processes
3.Create and maintain a reliable Configuration Management Database
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Cognizant has adopted security technologies such as the deployment of firewalls, Internet access monitoring, enterprise antivirus, network and host-based IPS, Data Loss Prevention (DLP), hardened hosts, data mining and analytics, electronic media forensics, vulnerability management and Security Information Event Monitoring (SIEM).

Incidents which are identified through the above monitoring processes are remediated as per the Incident handling procedure. The structured approach is composed of the major phases (Preparation, Detection and Analysis, Containment, Eradication and Recovery and Post-Incident Activity) and of on going parallel activities (Communication, and Documentation).Incidents are responded to and resolved in a prioritised fashion according to their severity.
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Cognizant has adopted security technologies such as the deployment of firewalls, Internet access monitoring, enterprise antivirus, network and host-based IPS, Data Loss Prevention (DLP), hardened hosts, data mining and analytics, electronic media forensics, vulnerability management and Security Information Event Monitoring (SIEM).

Incidents which are identified through the above monitoring processes are remediated as per the Incident handling procedure. The structured approach is composed of the major phases (Preparation, Detection & Analysis, Containment, Eradication and Recovery and Post-Incident Activity) and of on going parallel activities (Communication, and Documentation).Incidents are responded to and resolved in a prioritized fashion according to their severity.
Incident management type
Supplier-defined controls
Incident management approach
Cognizant has defined the ‘Cyber Security Incident Response Guide’ to handle events including privacy incidents, unauthorised disclosure, unauthorised access or breach of client data. The guide includes the process to detect, report, assess and manage information security Incidents. Customers are notified of all security related incidents.

The Incident Handling/Incident Response Procedure is composed of four major phases (Preparation, ‘Detection and Analysis’, ‘Containment, Eradication and Recovery’ and Post-Incident Activity) and of on going parallel activities (Communication and Documentation). This response phase(s) is derived from many standardised incident response processes such as those published by NIST, NASA Incident Management, and ISO27035.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
VMware
How shared infrastructure is kept separate
We use the latest cutting edge technology to logically isolate client environments from each other while on the shared public cloud. The logical partitioning divides hardware resources among clients thereby keeping them separate and secure from each other.

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
We leverage major data centre providers who meet the EU Code of Conduct for Energy Efficient datacentres

Pricing

Price
£37.70 per instance per month
Discount for educational organisations
No
Free trial available
No

Service documents

Return to top ↑