Trustmarque Solutions Limited

Trustmarque S3 SafeGUARD Back-up as a Service

Unifying Backup & Recovery, DR, Archiving and Search, SafeGUARD provides a highly secure data management service to protect all your data. Eliminating the burden of performing traditional local backups, the service offers centralised visibility of all data and allows you to stream your data on demand from backups and archives.


  • Encryption (AES-256) to secure your data in the cloud
  • Deduplication to reduce transmitted and stored data volumes
  • Located in UK Data Centres
  • Incremental-only backups to reduce backup window
  • Rapid restore and recovery
  • Archiving and search functionality
  • Centralised management Console for ease of management
  • Automated reporting including exception-reporting
  • Includes Capita-approved integrated SIMS/FMS backup options
  • Backed by a strong service level agreement and S3 support


  • Reliable alternative to traditional backup with full disaster recovery
  • Reduced backup window through advanced data reduction techniques
  • Reduced operation effort with simple ‘set and forget’ backups
  • Reduced bandwidth and low system overhead via data reduction techniques
  • Management console providing single point of view for all data
  • Simple, transparent pricing, no bandwidth charges, no hidden costs
  • Reduces primary storage requirements through automated archiving
  • Reduced maintenance overhead through automatic software updates
  • Recover anything, anywhere and at any time
  • Supported by data management specialists with experience since 1988


£0.10 to £0.45 per gigabyte per month

  • Education pricing available
  • Free trial available

Service documents

G-Cloud 11


Trustmarque Solutions Limited

David Neighbour

07939 509 325

Service scope

Service scope
Service constraints An installed client software agent is used to protect devices running supported operating systems and applications. Please refer to the system requirements and compatibility matrix.
System requirements
  • Internet connectivity
  • Backup software client installed on a supported operating system
  • Resource availability (low) on systems to be protected

User support

User support
Email or online ticketing support Email or online ticketing
Support response times Subject to an agreed SLA.
User can manage status and priority of support tickets Yes
Online ticketing support accessibility WCAG 2.1 AA or EN 301 549
Phone support Yes
Phone support availability 9 to 5 (UK time), Monday to Friday
Web chat support No
Onsite support Yes, at extra cost
Support levels Business hours support is included as part of the service. Please refer to the Service Definition Document and End User Agreement.

Users can upgrade if required to S3 Support Advantage, which offers 24/7 support, a Technical Account Manager and agreed levels of on-site resource.

Please contact S3 for further information on S3 Support Advantage.
Support available to third parties No

Onboarding and offboarding

Onboarding and offboarding
Getting started A technical adviser from S3’s dedicated Support team will
provide the relevant advice as to the most efficient way to
on-board the End User in pre-agreed and defined timeframes. All
relevant software, training and support to run and maintain the
Service will be provided by S3.

For further information, please refer to the Service Definition Document.
Service documentation Yes
Documentation formats
  • HTML
  • ODF
  • PDF
End-of-contract data extraction All data is fully recoverable for up to 30-days after contract ends. Longer terms can be negotiated.
End-of-contract process All data is fully recoverable for up to 30-days after contract ends. Longer terms can be negotiated.

Using the service

Using the service
Web browser interface Yes
Using the web interface A central management console allows IT departments to monitor and manage online backups, set-up schedules and automate administration and processes - true management by exception, reducing the time spent managing backups for data in hybrid or cloud storage.

Reporting is a key function, with scheduled reports and information on online backup status, enabling IT departments to intimately track, administer and manage backups and restores.
Web interface accessibility standard None or don’t know
How the web interface is accessible The management Console has full role based access security and audit logs.
Web interface accessibility testing N/A
What users can and can't do using the API The default graphical user interface of the SafeGUARD software can be replaced completely with customised branding and UX design through the API whilst maintaining the full functionality of the software.

SafeGUARD comes complete with a full reporting suite and centralised management console, all of which can be accessed through the extensive API.
API automation tools Other
API documentation Yes
API documentation formats PDF
Command line interface Yes
Command line interface compatibility
  • Linux or Unix
  • Windows
Using the command line interface Backup and restore can be performed via the command line. This required that a backup selection has been performed via an installed client first.


Scaling available Yes
Scaling type Automatic
Independence of resources The service is underpinned by a scale out infrastructure which is scaled ahead of being needed so there is always availability to support demand. As the infrastructure scales, it scales in both performance and capacity.

A comprehensive Service level Agreement (SLA) is offered to Customers.
Usage notifications Yes
Usage reporting Email


Infrastructure or application metrics Yes
Metrics types Memory
Reporting types Real-time dashboards


Supplier type Reseller providing extra features and support
Organisation whose services are being resold S3 SafeGUARD

Staff security

Staff security
Staff security clearance Conforms to BS7858:2012
Government security clearance Up to Security Clearance (SC)

Asset protection

Asset protection
Knowledge of data storage and processing locations Yes
Data storage and processing locations United Kingdom
User control over data storage and processing locations No
Datacentre security standards Managed by a third party
Penetration testing frequency At least once a year
Penetration testing approach Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process Yes
Data sanitisation type Deleted data can’t be directly accessed
Equipment disposal approach A third-party destruction service

Backup and recovery

Backup and recovery
Backup and recovery Yes
What’s backed up
  • Files
  • Virtual Machines
  • Databases
  • NAS
  • Laptops, PCs and Servers
Backup controls The S3 SafeGUARD Backup Service provides an online storage platform which enables a Customer to back up a specified device.

The associated software that is provided by S3 to enable use of the Service allows automated or manual backup, as well as Customer initiated data recovery.

Backups can be scheduled to run unattended at a particular time and at a frequency defined by the Customer. Different backup selections can be scheduled to run at different times and frequencies.
Datacentre setup Multiple datacentres with disaster recovery
Scheduling backups Users schedule backups through a web interface
Backup recovery Users can recover backups themselves, for example through a web interface

Data-in-transit protection

Data-in-transit protection
Data protection between buyer and supplier networks
  • Private network or public sector network
  • Legacy SSL and TLS (under version 1.2)
  • Other
Other protection between networks The SafeGUARD software fully encrypts the Customer’s data using 256-bit AES encryption and transfers the Customer's fully encrypted data via any TCP-IP enabled network connection over TCP port 443.

Data is encrypted before leaving the Customer’s device in relation to which the Service is provided and remains so until recovered by the Customer.
Data protection within supplier network Legacy SSL and TLS (under version 1.2)

Availability and resilience

Availability and resilience
Guaranteed availability S3 uses reasonable endeavours to provide the Services in accordance with the Service Level Agreement which is that the Service is available at a minimum of 99.5% per month.

In calculating availability, no account shall be taken of time the Service is unavailable due to any installation work or due to any maintenance in relation to the Service.

If S3 fails to achieve the Services Level targets specified for the Service, the End User may claim a credit (limited per month) based on the monthly recurring charge for the Service.

Please refer to Schedule 3 - Service Level Agreement in the SafeGUARD End User Agreement for further details.
Approach to resilience The data centres provide high levels of uptime. Ensuring electricity is always available, the primary data centre facility provides a minimum of N+1 power redundancy, meaning every mission-critical component has at least one backup power feed that kicks in when there’s an outage. Data centres also have enough fuel on site to provide 24 to 48 hours of emergency power using backup generators with guaranteed fuel delivery.
Outage reporting Any outages are reported to Customers via email alerts

Identity and authentication

Identity and authentication
User authentication
  • Username or password
  • Other
Other user authentication One set of security credentials (account name, password and encryption key) is required for each device, and the security credentials may not be shared between devices.

Security credentials include an encryption key. The key can be combination of alphanumeric characters of the customer’s choosing and is used when the encryption algorithm encrypts files to keep data confidential. Without the key, no one can access the data.
Access restrictions in management interfaces and support channels The management interface offers role based access meaning you can restrict each user to allow only the functionality required. An audit trail allows tracking of changes made by different users.
Access restriction testing frequency At least once a year
Management access authentication Username or password
Devices users manage the service through Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Audit information for users
Access to user activity audit information Users have access to real-time audit information
How long user audit data is stored for Less than 1 month
Access to supplier activity audit information Users have access to real-time audit information
How long supplier audit data is stored for Less than 1 month
How long system logs are stored for Between 1 month and 6 months

Standards and certifications

Standards and certifications
ISO/IEC 27001 certification Yes
Who accredited the ISO/IEC 27001 IMSM (International Management Systems Marketing)
ISO/IEC 27001 accreditation date 2013
What the ISO/IEC 27001 doesn’t cover N/A
ISO 28000:2007 certification No
CSA STAR certification No
PCI certification No
Other security certifications No

Security governance

Security governance
Named board-level person responsible for service security Yes
Security governance certified Yes
Security governance standards ISO/IEC 27001
Information security policies and processes S3 is ISO9001 and ISO27001 accredited and as such adheres to the policies and procedures set out under these schemes.

Operational security

Operational security
Configuration and change management standard Supplier-defined controls
Configuration and change management approach Further information can be provided upon request.
Vulnerability management type Supplier-defined controls
Vulnerability management approach Further information can be provided upon request.
Protective monitoring type Supplier-defined controls
Protective monitoring approach Further information can be provided upon request.
Incident management type Supplier-defined controls
Incident management approach Further information can be provided upon request.

Secure development

Secure development
Approach to secure software development best practice Supplier-defined process

Separation between users

Separation between users
Virtualisation technology used to keep applications and users sharing the same infrastructure apart No

Energy efficiency

Energy efficiency
Energy-efficient datacentres Yes
Description of energy efficient datacentres Tbc


Price £0.10 to £0.45 per gigabyte per month
Discount for educational organisations Yes
Free trial available Yes
Description of free trial A 14-day unlimited, full version, free trail is available on request.

Service documents

pdf document: Pricing document pdf document: Skills Framework for the Information Age rate card pdf document: Service definition document pdf document: Terms and conditions pdf document: Modern Slavery statement
Service documents
Return to top ↑