Central Technology Ltd

Veeam Backup for Microsoft Office 365 (BaaS)

CT's Veeam backup for O365 service provides a fully integrated, fast and secure way to backup your O365 data into our secure cloud repository. This applies to Exchange, SharePoint, OneDrive and Teams data within the Microsoft O365 platform and is a fully managed service.

Features

• Simple pricing, 30 days free trial, no charge, no risk
• Secure and compliant to government standard
• No VPN Required - connection secured with SSL
• Unlimited retention of data
• Unlimited storage

Benefits

• Storage agnostic removing comparability concerns
• Setup and operational in minutes through CT's fully managed service
• Industry leading backup technology
• Simple pricing calculator ensures you know exactly what your paying
• ISO 27001 and 9001 accredited by BSI
• CT controls your backups, managed from our certified infrastructure team
• Free 30 day unlimited functionality trial available
• Easily retrieve Microsoft O365 Exchange, SharePoint, OneDrive and Teams data
• Quick search and granular recovery of individual objects

£1.10 a user a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@ct.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

109902143161746

Contact

Robert Longden
01246266130
gcloud@ct.uk

Service scope

• Service constraints: CT would require delegated administration rights to establish the service access into your Microsoft Office 365 instance.
• System requirements: Licensed Microsoft Office 365

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: CT are an ITIL aligned service desk who use the Impact and Urgency model to drive the incident priority level.; ; Any CT infrastructure issues customer effecting will have the highest priority (P1) assigned. This attributes a 20-minute response although our infrastructure are consistently monitored 24/7 and updates provided every hour.; ; For operational questions, these will be raised as a service request and raised as a low priority (P4) request. This attributes a 4 hour response.; ; Note: Support is for the cloud connection service, the client is responsible for their on-premise Veeam backups.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: CT's operational teams are aligned to the ITIL framework and use the Impact & Urgency matrix to determine the incident priority (P 1-4).; ; Our standard SLA which are applied across our services are:; ; P1 - Critical - 20 mins response; P2 - Critical - 40 mins response; P3 - Critical - 2 hours response; P4 - Critical - 4 hours response (Service Requests); ; The service desk monitoring tools and management team consistently review the SLAs ensuring the high levels of customer engagement are delivered throughout the incident life-cycle.; ; Onsite support from our dedicated engineer team is available at an extra cost and is only where all remote services have been unsuccessful in resolving the issue.; ; During the on-boarding phase one of our Veeam product specialists will ensure that the service is established, before completing a handover into our internal account management sales support team. This team will take over the client management and be in regular contact ensuring that the service continues to meet and where possible exceed your expectations.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide initial configuration assistance and seeding service through your existing connectivity.; ; You will have access to support documentation, unlimited telephone/email support.; ; Free trials are offered by CT to allow customers to thoroughly test the product. There are also a great deal of user documentation available direct from Veeam's help centre.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: Customers can restore their data up until the point of the contract ends.
• End-of-contract process: Data is held encrypted for the remaining period of the contact, up until the renewal date. At the end of the contract, the customer may decide to renew/change/cease the Veeam service. To renew the service no changes will need to be made. If changes are required then this can quickly be achieved by contacting your account manager at CT with your requirements. To cancel the service, all data will be removed and the repository will be deleted.

Using the service

• Web browser interface: Yes
• Using the web interface: CT utilises the Veeam availability console which allows monitoring and management of the service.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Each customer is allocated a unique user credentials to access the web interface though a web browser.
• Web interface accessibility testing: None
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: CT utilise logical resource segregation and resource allocation to each environment. When customer approach resource limits, auto-scaling can be applied to a predefined upper agreed limit to allow a customer to grown without any disruption to their service.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email
  • Other
• Other usage reporting: Our Cloud Service support engineering team will proactivly inform customers of any increased usage through our PSA tool though managing alerts configured in line with the original agreed signed service proposal or service description.

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Other
• Other data at rest protection approach: AES-256 encryption is configured on all backups.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Office 365 Exchange data
  • Office 365 Teams chats, files and site data
  • Office 365 SharePoint data
  • Office 365 OneDrive For Business data
• Backup controls: A named user agreed during the on-boarding process will interface with CT's service desk for any amendments to the backup required from the original agreement.
• Datacentre setup: Multiple datacentres
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: CT ensures that data is segregated with the use of VLans throughout the network.

Availability and resilience

• Guaranteed availability: Availability Service Credits as % of Monthly VCC Backup Service Charge; ; <99.99%-99.85% - 5%; <99.85%-99.7% - 10%; <99.7%-99.5% - 20%; <99.5%-99% - 25%; <99% - 50%
• Approach to resilience: Multiple IP transits with diverse routing between Tier 3+ Data Centres ensures that the levels of resilience for the service are in-place.
• Outage reporting: CT will issue customer notifications followed by an RFO within 10 working days.

Identity and authentication

• User authentication: Username or password
• Access restrictions in management interfaces and support channels: CT implement role based access control to restrict access control within the service.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 08/09/20221 (first registered: 26/02/2013)
• What the ISO/IEC 27001 doesn’t cover: CT apply the ISO 27001 accreditation across the whole of its services and not just specific elements.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001
  • DSP Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CT are internally audited and externally assessed on a regular basis as well as formally annually by BSI to ISO 27001 standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: CT operates a change control process in-line with our ISO 27001 procedures. This covers all the components and services delivered by CT.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: CT's Security Steering Group uphold the Risk Management Policy which is aligned to ISO27001 Information Security Risk Management. This ensures risks are identified, evaluated and treated appropriately in an ongoing basis.; ; An OWASP scanner is in-place to run regular scans for detecting of vulnerabilities.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: CT is certified to ISO 27001 Information Security Risk Management. This ensures protective monitoring is in-place to identify any risks. These are evaluated and then treated appropriately in an ongoing basis by CT's dedicated infrastructure team.; ; Protective monitoring alerts are managed on a 24x7 basis.
• Incident management type: Supplier-defined controls
• Incident management approach: CT operates under the ITIL framework for Incident Management as well as the ISO 27001 standard.; ; For all Priority 1 (Critical) incidents, Root Cause Analysis (RCA) reports are provided to customers within 10 business days of the incident resolution.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: CT manages all users of the service with unique authentication credentials aligned to our ISO 27001 standards.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: CT's datacentres use the latest energy saving technologies throughout the sites: cold aisle containment and free cooling chillers.; ; Cold aisle containment is still a new but relatively simple idea to get the best efficiency from air conditioning units, ensuring that air at the most optimum temperature flows through the servers. This ensures that sound and vibrations are kept to a minimum, which in turn maximises the energy efficiency of the units without compromising the capacity.

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  As an equal opportunity business, all of our services ensure that it can be consumed and managed of equal opportunity.

Pricing

• Price: £1.10 a user a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: CT provides a 30 day, unlimited functionality, free trial
• Link to free trial: https://www.ct.co.uk/cloud/secure-backup-for-office-365-as-a-service

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@ct.uk. Tell them what format you need. It will help if you say what assistive technology you use.