Aspire Technology Solutions

Disaster Recovery DRaaS

Aspire’s Disaster Recovery as a Service (DRaaS) can retrieve your infrastructure backup from our data centres, getting you up and running, avoiding lengthy and costly downtime.
It comes in flexible packages which allows DRaaS to be cost effective depending on what data you need and when you need it.

Features

  • Fast, flexible Recovery
  • Choose key business infrastructure, applications & data
  • Fully managed service
  • Custom Recovery Time Objective (RTO) ranging from 2hrs - 8hrs
  • Custom Recovery Point Objective (RPO) ranging from 15mins - 4hrs
  • Inclusive DR testing

Benefits

  • Business Continuity Compliance
  • Dedicated UK based Service desk support
  • World class NPS customer satisfaction support
  • Scalable to meet changing business needs
  • Reduced Maintenance & infrastructure costs
  • Reduced in-house support staff training & costs
  • Privately owned ISO 27001 security certified Data centres
  • Facilitates Remote working
  • Minimises business impact
  • 24/7 support

Pricing

£20 a virtual machine a month

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.mcnickle@aspirets.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 12

Service ID

9 9 7 2 1 9 7 1 2 9 0 3 2 0 9

Contact

Aspire Technology Solutions Stephen McNickle
Telephone: 03301242700
Email: stephen.mcnickle@aspirets.com

Service scope

Service constraints
NA
System requirements
Solutions requirements defined at design stage

User support

Email or online ticketing support
Email or online ticketing
Support response times
Response times are depending on assigned priority ranging from P1 Incident immediate response to P5 service requests 12 hour response. DR invoked support is 24/7
User can manage status and priority of support tickets
Yes
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
Support levels can be tailored to meet the customer requirements.

As standard all customers receive 24/7 monitoring of all backups. dedicated Service account manager, Service and response SLAs, bespoke and fully customisable backup solution to meet the business requirements

24/7 support for invoked DR
Support available to third parties
Yes

Onboarding and offboarding

Getting started
All services are delivered by dedicated account manager, project manager and project delivery team including technical lead.

Projects meet the agreed deliverable s which are created to meet the requirements of the customer
Service documentation
Yes
Documentation formats
PDF
End-of-contract data extraction
If the client wishes to change to a different IT provider an End of Contract date is agreed. Data is then collected via the client from the Aspire data centre or placed in an encrypted location at the request of the client. Aspire do not keep unencrypted data outside the data centre. The customer can extract their data at any time, whether by self-service request or a request for Aspire to perform on the customer’s behalf. The cost of this will be based upon a time and materials basis.
End-of-contract process
As described above

Using the service

Web browser interface
Yes
Using the web interface
End user web interface for end users to report issues, track changes, update tickets, view usage, view billing.
If required take full control of administration of the service.
Web interface accessibility standard
WCAG 2.1 AA or EN 301 549
Web interface accessibility testing
All interface testing completed to meet ISO27001 standards
API
Yes
What users can and can't do using the API
Full customisation to meet the customer and business requirements
API automation tools
OpenStack
API documentation
Yes
API documentation formats
PDF
Command line interface
No

Scaling

Scaling available
Yes
Scaling type
  • Automatic
  • Manual
Independence of resources
Dedicated to customer DR requirments
Usage notifications
Yes
Usage reporting
Email

Analytics

Infrastructure or application metrics
Yes
Metrics types
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
Reporting types
  • Real-time dashboards
  • Reports on request

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Conforms to BS7858:2012
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Yes
Datacentre security standards
Complies with a recognised standard (for example CSA CCM version 3.0)
Penetration testing frequency
At least every 6 months
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
Physical access control, complying with another standard
Data sanitisation process
Yes
Data sanitisation type
Explicit overwriting of storage before reallocation
Equipment disposal approach
Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

Backup and recovery
Yes
What’s backed up
Fully customised to meet the customer DR requirements
Backup controls
Fully customised to meet the customer DR requirements
Datacentre setup
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
Private network or public sector network
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
99.9% availability
Approach to resilience
Availability by design is at the core of Aspires' architectural principles. Each organisation has their own priorities in respect of system or application availability and Aspire' consultative approach ensures the correct balance between availability, risk and cost is achieved.
Outage reporting
Fully automated pro-active alerting on multi elements of the service
creating automated incidents and end customer notifications depending on the severity / priority of the notifications.
24/7 monitoring of all platforms and backups by in house 24/7 service analysts and technical teams.
Email and telephone notifications

Identity and authentication

User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
Aspire support offerings adopt to the principles of least privileges and role based access control, with access restricted only to those who need it in their support duties.
Access restriction testing frequency
At least every 6 months
Management access authentication
2-factor authentication
Devices users manage the service through
Dedicated device over multiple services or networks

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
User-defined
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
User-defined
How long system logs are stored for
User-defined

Standards and certifications

ISO/IEC 27001 certification
Yes
Who accredited the ISO/IEC 27001
British Assessment Bureau
ISO/IEC 27001 accreditation date
18/11/2019
What the ISO/IEC 27001 doesn’t cover
No exceptions
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
Yes
Any other security certifications
Cyber essentials

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
ISO/IEC 27001
Information security policies and processes
Aspire are ISO27001 & Cyber essentials accredited
Aspire maintain a full ISMS with integrates with a bespoke business management system
All personnel are fully trained on the ISMS and Aspire have a Head of Quality & Compliance who is responsible for the management of the ISMS and BMS documentation internally and to ensure adherence to internal governance and external standards.

Operational security

Configuration and change management standard
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Configuration and change management approach
Aspire have an ITIL aligned Change Management Process. Any changes that are non-standard and carry a degree of risk to implement require the completion of a Request for Change (RFC) . Each RFC is reviewed by Aspire’ CAB . Consideration is then given to factor of the change including backup / test plans, security impact, back out plan etc
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Each threat is dealt with on a case by case basis. If there has been a global threat and patch released this will deployed immediately. Patch deployment is automated so patches can be deployed without delays, schedules can be customised.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Aspire network is proactively monitored to search and identify potential threats to the environment. Upon notification, Aspire immediately effects its incident management process to address and reported incidents.
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Aspire have ITIL aligned processes for Incident Management and Service Requests.Users can log calls to the Service Desk by phone, email or an online portal.For requests such as new starters, leavers, folder access, changes to distribution lists, password resets there are specific processes and guides in place.A user logs a ticket they will receive an email detailing the case information.

Secure development

Approach to secure software development best practice
Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart
Yes
Who implements virtualisation
Supplier
Virtualisation technologies used
Hyper-V
How shared infrastructure is kept separate
Segregated model is in place to ensure that organisations are kept separate

Energy efficiency

Energy-efficient datacentres
Yes
Description of energy efficient datacentres
Aspire adheres to the EU Code of conduct for energy efficient datacenters.

Pricing

Price
£20 a virtual machine a month
Discount for educational organisations
Yes
Free trial available
No

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.mcnickle@aspirets.com. Tell them what format you need. It will help if you say what assistive technology you use.