CSI Limited

Fully Managed Backup with Air Gap

CSI can build a scalable, resilient, robust and cost-efficient infrastructure solution for backup and recovery. Provisioned in a private, public or hybrid approach we offer; long term archival; fast disaster recovery with pre-defined recovery and restore SLAs; data tiering; air gap, physically isolating your backup data from potential cyber-security threats.


  • Comprehensive reporting, monitoring and alerting
  • Unlimited technical support
  • Remote management and out-tasking
  • Regular service, capacity and performance reviews
  • Guaranteed backup success, underpinned by service credits
  • Can provision an offsite recovery vault for long-term retention
  • Cost optimisation via cloud storage solutions and various licensing models
  • Data Protection Maturity Model identifies your as-is and to-be environments


  • Reduce business risk by providing a defined data protection catalogue
  • Provide insight and visibility of your IT infrastructure
  • Reduce TCO of data protection environment.
  • Identify and help resolve data protection exposure
  • Reliable backups with up to 99% success rate
  • Faster recovery times - reduced risk of revenue/productivity loss
  • Meet compliance and regulatory requirements


£0.07 to £0.35 a gigabyte a month

  • Education pricing available
  • Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.billett@csiltd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

1 1 5 1 0 9 2 1 0 0 8 7 0 3 1


CSI Limited Jennifer Billett
Telephone: 08001088301
Email: jennifer.billett@csiltd.co.uk

Service scope

Service constraints
Our suite of Helix Protect offerings supports the majority of backup infrastructures (providing reporting, monitoring, support or management) on a minimum of 1 year contract. Please see relevant Service Definition Document.
System requirements
  • Operating systems and applications at supported levels.
  • Suitable internet links to transfer data.
  • Provision of physical or virtual hosts to host the software.

User support

Email or online ticketing support
Email or online ticketing
Support response times
Request for Information – 4 hour response – whether emailed, phoned or on the Community Restore Request – 2 hour response Critical Restore Request – 1 hour response – must be phoned through Out of Hours – Chargeable for all 10x5 customers – contract hours are 8am – 6pm Monday to Friday Monday – Friday between 6pm – 8am Must phone the Service Desk 6pm – 10pm - £150 per hour All day Saturday - £150 per hour 10pm Saturday – 6am Monday - £200 per hour
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 AA or EN 301 549
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
CSI provide advanced monitoring, reporting and alerting, access to a first, second and third line service desk, through to a fully managed solutions. Most accounts will be allocated a Technical Account Manager.
Support available to third parties

Onboarding and offboarding

Getting started
The service is simple and easy to understand. However, CSI provide full support in helping our clients familiarise themselves and ensure successful roll-out of the service. Online training and documentation will also be provided
Service documentation
Documentation formats
End-of-contract data extraction
In the vast majority of cases, data remains within the customer's core infrastructure, and is only remotely managed. Where CSI are hosting data, we will work with the customer during the off-boarding process to facilitate extraction of the data.
End-of-contract process
The principle of the suite of services is to provide insight, support or remote management of the customer's backup infrastructure. Therefore, at the end of the contract, we will disengage and hand responsibility back the customer as per our off-boarding process, which is included within the cost of the contract.

Using the service

Web browser interface
Using the web interface
The web interface allows users to raise questions, incidents and requests. It also gives access to knowledge, databases, forums and comprehensive reporting consoles.
Web interface accessibility standard
None or don’t know
How the web interface is accessible
Interface doesn't comply with EN 301 549 9 as this specifies how much users can zoom, how colour is used, and the contrast of web pages.
Web interface accessibility testing
Interface doesn't comply with EN 301 549 9 as this specifies how much users can zoom, how colour is used, and the contrast of web pages.
Command line interface


Scaling available
Scaling type
  • Automatic
  • Manual
Independence of resources
Through regular monitoring with performance and capacity management of the overall infrastructure.
Usage notifications
Usage reporting
  • Email
  • SMS


Infrastructure or application metrics
Metrics types
Other metrics
  • Backup success rates.
  • Backup statistics.
  • Storage utilisation.
Reporting types
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
IBM and Dell-EMC

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
United Kingdom
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
Less than once a year
Penetration testing approach
‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
Data sanitisation process
Equipment disposal approach
A third-party destruction service

Backup and recovery

Backup and recovery
What’s backed up
  • Majority of servers, applications, files and volumes (see SDD).
  • Mobile and endpoint devices.
  • Cloud applications (e.g. O365).
Backup controls
CSI will define a data protection catalogue which the customer or CSI will use to govern the backup policies. There is huge flexibility on what can be backed up, when and how
Datacentre setup
Multiple datacentres with disaster recovery
Scheduling backups
Users contact the support team to schedule backups
Backup recovery
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

Data protection between buyer and supplier networks
Other protection between networks
In the vast majority of cases, data is held within the customer's backup environment, and CSI provide remote support and management as required.
Data protection within supplier network
IPsec or TLS VPN gateway

Availability and resilience

Guaranteed availability
For our managed service (Helix Protect Enterprise) CSI provide an SLA of greater than 98% backup success rate, with a 5% service credit if we are unable to meet this SLA. Please see relevant Service Definition Document for more details.
Approach to resilience
CSI have ensured their service delivery is resilient in terms of site loss and component failure.
Outage reporting
Email alerts.

Identity and authentication

User authentication
Username or password
Access restrictions in management interfaces and support channels
Each user can have policy-driven profiles applied to govern their level of access.
Access restriction testing frequency
At least once a year
Management access authentication
Username or password
Devices users manage the service through
Dedicated device on a government network (for example PSN)

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
Bureau Veritas
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Who accredited the PCI DSS certification
NCC Services Ltd
PCI DSS accreditation date
What the PCI DSS doesn’t cover
Cyber essentials
Cyber essentials plus
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
CSI subscribe to and actively embrace ISO 27001. Our internal auditing process and the annual external audits ensure that the policies are being followed. Any breach of our information security policy is logged and escalated to the information security officer for a full and thorough review.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
As a service provider,CSI have a mature change-management process, which includes risk analysis, roll-back plans, and approval and verification steps.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
CSI subscribe to multiple threat-alert channels through our security partners and vendors. Critical patching will be completed within 3 days. Routine patching is completed on either a monthly or quarterly cycle.
Protective monitoring type
Protective monitoring approach
CSI use regular vulnerability scans and penetration testing to identify potential compromises which will be addressed as soon as commercially reasonable.
Incident management type
Incident management approach
Our incident management process is based on ITIL and has been refined over the many years of CSI being a service provider. Individual incidents are addressed and closed. Multiple incidents can trigger a problem management process. Major incidents will generate a incident report.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres
Description of energy efficient datacentres
CSI provide a TCO Tool which provides the output on cooling requirements to make sure that the energy requirements are optimised.

Social Value

Fighting climate change

Fighting climate change

Whilst CSI is not a manufacturer of hardware or software we are focused on producing 100% commitment to minimise any activities, which could do harm to the environment. In order to achieve this objective, we will: • Assess the environmental impact of all current and likely future operations. • Continuously seek to improve environmental performance. • Wherever possible purchase goods and services which are manufactured in an environmental and responsible manner. • Progressively improve levels of environmental protection and reduce the waste generated by the operations and commercial activities of the company, promoting recycling or reuse of objects/materials. • Raise awareness, encourage participation and train employees in environmental matters, and make information available where necessary. • Expect similar environmental standards from our suppliers and contractors. • Assist customers to use products and services in an environmentally sensitive way where possible. • Participate in discussions about environmental issues when necessary. • Do all that is necessary to comply with any legal or regulatory requirements. • Review the policy on an annual basis or as and when applicable and revise if necessary. • We share the industry’s concern about the impact on the environment of obsolete IT equipment that is not recycled and believe no computer should go to waste. We have a strong commitment to keep environmentally sensitive IT materials out of landfills. We work with our suppliers to enable materials to be reused or recycled, and to help conserve natural resources.
Covid-19 recovery

Covid-19 recovery

CSI has improved workplace conditions that support the COVID-19 recovery effort by closing down a London based office and improving conditions in our remaining two office locations. At our remaining two office locations in the UK we have enforced effective social distancing, testing kits on site that require a negative test before being granted access, a booking system to ensure that numbers of staff on site are not exceeded, sanitising of workspaces as well as hand sanitising products provided across the buildings. All employees are able to work and function fully remotely.
Tackling economic inequality

Tackling economic inequality

CSI only work with reputable organisations that have robust an ethical supply chains in place to provide the equipment our clients require. Eg - IBM IBM does business with suppliers that are environmentally & socially responsible, and encourages environmental leadership among them. IBM routinely responds to requests from clients and governments for information about the environmental attributes of our products. The source for this information is their suppliers. The objectives of our requirements for suppliers and their supplier evaluation program include: • Ensuring that IBM does business with environmentally responsible suppliers that are actively managing and reporting on their environmental impact • Helping our suppliers build capabilities and expertise in the environmental area • Avoiding transfer of responsibility for environmentally sensitive operations to any company lacking the commitment or capability to manage them properly • Reducing our suppliers' environmental and workplace health and safety risk • Protecting IBM, to the greatest extent possible, from potential environmental liabilities or adverse publicity Supplier social and environmental management system requirements Since 2010, IBM has required that all of its first-tier suppliers maintain a management system to address their social and environmental responsibilities. Our objective is to help our suppliers build/enhance their own capability to succeed in this area. Environmental evaluations As part of its global environmental management system, IBM conducts a three-stage supplier environmental evaluation for suppliers executing processes - IBM has specified or furnished chemicals or process equipment or providing hazardous waste management services or product end-of-life management services, with increasing levels of detail, depending on the risks associated with and the potential environmental impacts from the supplier's operations. Supplier Code of Conduct IBM endorses the Responsible Business Alliance Code of Conduct for its internal operations and requires the same of our direct suppliers for hardware, software and services. https://www.ibm.com/ibm/environment/supply/ms_requirement.shtml https://www.ibm.com/ibm/environment/supply/evaluations.shtml https://www.ibm.com/ibm/environment/supply/supplier_coc.shtml
Equal opportunity

Equal opportunity

We aim to provide equal opportunities and avoid discrimination in all aspects of employment and to ensure that the talent and skills of all individuals are maximised. Our approach applies to recruitment, terms and conditions of employment (including pay), appraisals, promotion, disciplinary and grievance procedures and training. This policy applies to employees, officers, agency workers, casual workers, consultants and self-employed contractors. Part-time and fixed-term staff should be treated the same as comparable full-time or permanent staff and enjoy no less favourable terms and conditions (pro rata where appropriate), unless different treatment is justified. The following forms of discrimination are prohibited under our policy and are unlawful: a) Direct Discrimination b) Indirect Discrimination c) Harassment d) Victimisation e) Disability Discrimination You must not discriminate against or harass individuals including other employees, former employees, job applicants, clients, customers, suppliers and visitors. This provision applies within the workplace and outside of the workplace on work related business or events (including but not limited to client visits, meetings, networking, social events).


The CSI Employee Assistance Programme is designed to provide staff, and their immediate family that live with them, a confidential telephone support service. LifeWorks consultants are available 8am to 8pm, Monday to Friday. Counsellors are available 24 hours a day, 7 days a week, 365 days a year. Access to the EAP confidential helpline staffed by independent advisers with access to specialist counsellors. The helpline provides help with physical, mental, financial and social issues and is available 24 hours a day 7 days a week. The helpline number is 0800 048 2702. Access to hundreds of articles and other resources that will help support your wellbeing via the Employee Assistance Program. Health and lifestyle assessment including Health, Financial, Physical and Social assessments. This is a voluntary screening service, which helps advise employees on their general health including stress.


£0.07 to £0.35 a gigabyte a month
Discount for educational organisations
Free trial available
Description of free trial
A 2 week POC can be requested and provided by CSI.

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jennifer.billett@csiltd.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.