Trustmarque S3 SafeGUARD Back-up as a Service
Unifying Backup & Recovery, DR, Archiving and Search, SafeGUARD provides a highly secure data management service to protect all your data. Eliminating the burden of performing traditional local backups, the service offers centralised visibility of all data and allows you to stream your data on demand from backups and archives.
- Encryption (AES-256) to secure your data in the cloud
- Deduplication to reduce transmitted and stored data volumes
- Located in UK Data Centres
- Incremental-only backups to reduce backup window
- Rapid restore and recovery
- Archiving and search functionality
- Centralised management Console for ease of management
- Automated reporting including exception-reporting
- Includes Capita-approved integrated SIMS/FMS backup options
- Backed by a strong service level agreement and S3 support
- Reliable alternative to traditional backup with full disaster recovery
- Reduced backup window through advanced data reduction techniques
- Reduced operation effort with simple ‘set and forget’ backups
- Reduced bandwidth and low system overhead via data reduction techniques
- Management console providing single point of view for all data
- Simple, transparent pricing, no bandwidth charges, no hidden costs
- Reduces primary storage requirements through automated archiving
- Reduced maintenance overhead through automatic software updates
- Recover anything, anywhere and at any time
- Supported by data management specialists with experience since 1988
£0.10 to £0.45 per gigabyte per month
- Education pricing available
- Free trial available
- Pricing document
- Skills Framework for the Information Age rate card
- Service definition document
- Terms and conditions
- Modern Slavery statement
Trustmarque Solutions Limited
07939 509 325
|Service constraints||An installed client software agent is used to protect devices running supported operating systems and applications. Please refer to the system requirements and compatibility matrix.|
|Email or online ticketing support||Email or online ticketing|
|Support response times||Subject to an agreed SLA.|
|User can manage status and priority of support tickets||Yes|
|Online ticketing support accessibility||WCAG 2.1 AA or EN 301 549|
|Phone support availability||9 to 5 (UK time), Monday to Friday|
|Web chat support||No|
|Onsite support||Yes, at extra cost|
Business hours support is included as part of the service. Please refer to the Service Definition Document and End User Agreement.
Users can upgrade if required to S3 Support Advantage, which offers 24/7 support, a Technical Account Manager and agreed levels of on-site resource.
Please contact S3 for further information on S3 Support Advantage.
|Support available to third parties||No|
Onboarding and offboarding
A technical adviser from S3’s dedicated Support team will
provide the relevant advice as to the most efficient way to
on-board the End User in pre-agreed and defined timeframes. All
relevant software, training and support to run and maintain the
Service will be provided by S3.
For further information, please refer to the Service Definition Document.
|End-of-contract data extraction||All data is fully recoverable for up to 30-days after contract ends. Longer terms can be negotiated.|
|End-of-contract process||All data is fully recoverable for up to 30-days after contract ends. Longer terms can be negotiated.|
Using the service
|Web browser interface||Yes|
|Using the web interface||
A central management console allows IT departments to monitor and manage online backups, set-up schedules and automate administration and processes - true management by exception, reducing the time spent managing backups for data in hybrid or cloud storage.
Reporting is a key function, with scheduled reports and information on online backup status, enabling IT departments to intimately track, administer and manage backups and restores.
|Web interface accessibility standard||None or don’t know|
|How the web interface is accessible||The management Console has full role based access security and audit logs.|
|Web interface accessibility testing||N/A|
|What users can and can't do using the API||
The default graphical user interface of the SafeGUARD software can be replaced completely with customised branding and UX design through the API whilst maintaining the full functionality of the software.
SafeGUARD comes complete with a full reporting suite and centralised management console, all of which can be accessed through the extensive API.
|API automation tools||Other|
|API documentation formats|
|Command line interface||Yes|
|Command line interface compatibility||
|Using the command line interface||Backup and restore can be performed via the command line. This required that a backup selection has been performed via an installed client first.|
|Independence of resources||
The service is underpinned by a scale out infrastructure which is scaled ahead of being needed so there is always availability to support demand. As the infrastructure scales, it scales in both performance and capacity.
A comprehensive Service level Agreement (SLA) is offered to Customers.
|Infrastructure or application metrics||Yes|
|Reporting types||Real-time dashboards|
|Supplier type||Reseller providing extra features and support|
|Organisation whose services are being resold||S3 SafeGUARD|
|Staff security clearance||Conforms to BS7858:2012|
|Government security clearance||Up to Security Clearance (SC)|
|Knowledge of data storage and processing locations||Yes|
|Data storage and processing locations||United Kingdom|
|User control over data storage and processing locations||No|
|Datacentre security standards||Managed by a third party|
|Penetration testing frequency||At least once a year|
|Penetration testing approach||Another external penetration testing organisation|
|Protecting data at rest||
|Data sanitisation process||Yes|
|Data sanitisation type||Deleted data can’t be directly accessed|
|Equipment disposal approach||A third-party destruction service|
Backup and recovery
|Backup and recovery||Yes|
|What’s backed up||
The S3 SafeGUARD Backup Service provides an online storage platform which enables a Customer to back up a specified device.
The associated software that is provided by S3 to enable use of the Service allows automated or manual backup, as well as Customer initiated data recovery.
Backups can be scheduled to run unattended at a particular time and at a frequency defined by the Customer. Different backup selections can be scheduled to run at different times and frequencies.
|Datacentre setup||Multiple datacentres with disaster recovery|
|Scheduling backups||Users schedule backups through a web interface|
|Backup recovery||Users can recover backups themselves, for example through a web interface|
|Data protection between buyer and supplier networks||
|Other protection between networks||
The SafeGUARD software fully encrypts the Customer’s data using 256-bit AES encryption and transfers the Customer's fully encrypted data via any TCP-IP enabled network connection over TCP port 443.
Data is encrypted before leaving the Customer’s device in relation to which the Service is provided and remains so until recovered by the Customer.
|Data protection within supplier network||Legacy SSL and TLS (under version 1.2)|
Availability and resilience
S3 uses reasonable endeavours to provide the Services in accordance with the Service Level Agreement which is that the Service is available at a minimum of 99.5% per month.
In calculating availability, no account shall be taken of time the Service is unavailable due to any installation work or due to any maintenance in relation to the Service.
If S3 fails to achieve the Services Level targets specified for the Service, the End User may claim a credit (limited per month) based on the monthly recurring charge for the Service.
Please refer to Schedule 3 - Service Level Agreement in the SafeGUARD End User Agreement for further details.
|Approach to resilience||The data centres provide high levels of uptime. Ensuring electricity is always available, the primary data centre facility provides a minimum of N+1 power redundancy, meaning every mission-critical component has at least one backup power feed that kicks in when there’s an outage. Data centres also have enough fuel on site to provide 24 to 48 hours of emergency power using backup generators with guaranteed fuel delivery.|
|Outage reporting||Any outages are reported to Customers via email alerts|
Identity and authentication
|Other user authentication||
One set of security credentials (account name, password and encryption key) is required for each device, and the security credentials may not be shared between devices.
Security credentials include an encryption key. The key can be combination of alphanumeric characters of the customer’s choosing and is used when the encryption algorithm encrypts files to keep data confidential. Without the key, no one can access the data.
|Access restrictions in management interfaces and support channels||The management interface offers role based access meaning you can restrict each user to allow only the functionality required. An audit trail allows tracking of changes made by different users.|
|Access restriction testing frequency||At least once a year|
|Management access authentication||Username or password|
|Devices users manage the service through||Directly from any device which may also be used for normal business (for example web browsing or viewing external email)|
Audit information for users
|Access to user activity audit information||Users have access to real-time audit information|
|How long user audit data is stored for||Less than 1 month|
|Access to supplier activity audit information||Users have access to real-time audit information|
|How long supplier audit data is stored for||Less than 1 month|
|How long system logs are stored for||Between 1 month and 6 months|
Standards and certifications
|ISO/IEC 27001 certification||Yes|
|Who accredited the ISO/IEC 27001||IMSM (International Management Systems Marketing)|
|ISO/IEC 27001 accreditation date||2013|
|What the ISO/IEC 27001 doesn’t cover||N/A|
|ISO 28000:2007 certification||No|
|CSA STAR certification||No|
|Other security certifications||No|
|Named board-level person responsible for service security||Yes|
|Security governance certified||Yes|
|Security governance standards||ISO/IEC 27001|
|Information security policies and processes||S3 is ISO9001 and ISO27001 accredited and as such adheres to the policies and procedures set out under these schemes.|
|Configuration and change management standard||Supplier-defined controls|
|Configuration and change management approach||Further information can be provided upon request.|
|Vulnerability management type||Supplier-defined controls|
|Vulnerability management approach||Further information can be provided upon request.|
|Protective monitoring type||Supplier-defined controls|
|Protective monitoring approach||Further information can be provided upon request.|
|Incident management type||Supplier-defined controls|
|Incident management approach||Further information can be provided upon request.|
|Approach to secure software development best practice||Supplier-defined process|
Separation between users
|Virtualisation technology used to keep applications and users sharing the same infrastructure apart||No|
|Description of energy efficient datacentres||Tbc|
|Price||£0.10 to £0.45 per gigabyte per month|
|Discount for educational organisations||Yes|
|Free trial available||Yes|
|Description of free trial||A 14-day unlimited, full version, free trail is available on request.|