Central Technology Ltd

Object Storage (S3 Compatible)

CT Secure Object storage is simple, affordable, and secure cloud storage.
It expands your on-premises ecosystem to the cloud for the inexpensive, long-term storage of unstructured, cold, archive, or long-term backup data. Using on-premises devices is not enough, with increased risks to your data now including security threats like ransomware.

Features

• ISO 9001 (accredited by BSI)
• ISO 27001 (accredited by BSI)
• GDPR Compliance
• AWS S3 Compatible with most 3rd party vendors

Benefits

• Storage agnostic removing comparability concerns
• Setup and operational in minutes
• Enterprise level analytics to accurately forecast future backup storage needs
• Regulatory Compliance
• Backup and Restoration
• High Availability SLA
• Data is retained in the UK
• No upload or download fees
• No API request charges

£9.50 a terabyte a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@ct.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

119585065782189

Contact

Robert Longden
01246266130
gcloud@ct.uk

Service scope

• Service constraints: Planned and Emergency Works; Where CT plans to perform essential works and the changes are service affecting, CT will use reasonable endeavours to perform such works between the hours of 00:00 and 04:00 and will use reasonable endeavours to give the Customer at least five (5) days prior notice for network related work and at least ten (10) days prior notice for Infrastructure related work. In the event of an emergency or Service Affecting Fault, such notice may be less than 24 hours. This is without prejudice to or limitation of the definition of Planned Outage.
• System requirements:
  • Object storage API compatible applications
  • Object storage API compatible storage gateway appliances
  • HDFS compatible applications

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: CT are an ITIL aligned service desk who use the Impact and Urgency model to drive the incident priority level.; ; Any CT infrastructure issues customer effecting will have the highest priority (P1) assigned. This attributes a 20-minute response although our infrastructure are consistently monitored 24/7 and updates provided every hour.; ; For operational questions, these will be raised as a service request and raised as a low priority (P4) request. This attributes a 4 hour response.; ; Note: Support is for the cloud connection service, the client is responsible for their on-premise Veeam backups.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: CT's operational teams are aligned to the ITIL framework and use the Impact & Urgency matrix to determine the incident priority (P 1-4).; ; Our standard SLA which are applied across our services are:; ; P1 - Critical - 20 mins response; P2 - Critical - 40 mins response; P3 - Critical - 2 hours response; P4 - Critical - 4 hours response (Service Requests); ; The service desk monitoring tools and management team consistently review the SLAs ensuring the high levels of customer engagement are delivered throughout the incident life-cycle.; ; Onsite support from our dedicated engineer team is available at an extra cost and is only where all remote services have been unsuccessful in resolving the issue.; ; During the on-boarding phase one of our Veeam product specialists will ensure that the service is established, before completing a handover into our internal account management sales support team. This team will take over the client management and be in regular contact ensuring that the service continues to meet and where possible exceed your expectations.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: We provide initial configuration assistance and an optional seeding service (for large data sets or slow connectivity links), along with assisting with any issues with initial replication job configuration.; ; You will have access to support documentation, unlimited telephone/email support for the initial set up.; ; Free trials are offered by CT to allow customers to thoroughly test the product. There are also a great deal of user documentation available direct from Veeam's help centre.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • PDF
• End-of-contract data extraction: As part of the Service, customers will have access to extract data into a specific owned bucket. It is the customer responsibility to ensure that all data has been removed prior to the end date of the contract.
• End-of-contract process: At the agreed end date, CT will remove access to the location and delete all data from the platform.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: CT utilise logical resource segregation and resource allocation to each environment. When customer approach resource limits, auto-scaling can be applied to a predefined upper agreed limit to allow a customer to grown without any disruption to their service.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Our Cloud Service support engineering team will proactivly inform customers of any increased usage through our PSA tool though managing alerts configured in line with the original agreed signed service proposal or service description.

Analytics

• Infrastructure or application metrics: Yes
• Metrics types: Disk
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: Other
• Other protection within supplier network: CT ensures that data is segregated with the use of VLans throughout the network.

Availability and resilience

• Guaranteed availability: Availability Service Credits as % of Monthly VCC Backup Service Charge; ; <99.99%-99.85% - 5%; <99.85%-99.7% - 10%; <99.7%-99.5% - 20%; <99.5%-99% - 25%; <99% - 50%
• Approach to resilience: Multiple IP transits with diverse routing between Tier 3+ Data Centres ensures that the levels of resilience for the service are in-place.
• Outage reporting: CT will issue customer notifications followed by an RFO within 10 working days.

Identity and authentication

• User authentication: Other
• Other user authentication: Access Key & Secret
• Access restrictions in management interfaces and support channels: CT implement role based access control to restrict access control within the service.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password
• Devices users manage the service through: Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 08/09/2021 (first registered: 26/02/2013)
• What the ISO/IEC 27001 doesn’t cover: CT apply the ISO 27001 accreditation across the whole of its services and not just specific functions of the business.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO 9001
  • DSP Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: CT are internally audited and externally assessed on a regular basis as well as formally annually by BSI to ISO 27001 standards.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: CT operates a change control process in-line with our ISO 27001 procedures. This covers all the components and services delivered by CT.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: CT's Security Steering Group uphold the Risk Management Policy which is aligned to ISO27001 Information Security Risk Management. This ensures risks are identified, evaluated and treated appropriately in an ongoing basis.; ; An OWASP scanner is in-place to run regular scans for detecting of vulnerabilities.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: CT is certified to ISO 27001 Information Security Risk Management. This ensures protective monitoring is in-place to identify any risks. These are evaluated and then treated appropriately in an ongoing basis by CT's dedicated infrastructure team.; ; Protective monitoring alerts are managed on a 24x7 basis.
• Incident management type: Supplier-defined controls
• Incident management approach: CT operates under the ITIL framework for Incident Management as well as the ISO 27001 standard.; ; For all Priority 1 (Critical) incidents, Root Cause Analysis (RCA) reports are provided to customers within 10 business days of the incident resolution.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Veeam Cloud Connect customers are assigned separate user credentials to ensure segregation between the data and instances.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: CT's datacentres use the latest energy saving technologies throughout the sites: cold aisle containment and free cooling chillers.; ; Cold aisle containment is still a new but relatively simple idea to get the best efficiency from air conditioning units, ensuring that air at the most optimum temperature flows through the servers. This ensures that sound and vibrations are kept to a minimum, which in turn maximises the energy efficiency of the units without compromising the capacity.

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  As an equal opportunity business, all of our services ensure that it can be consumed and managed of equal opportunity.

Pricing

• Price: £9.50 a terabyte a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at gcloud@ct.uk. Tell them what format you need. It will help if you say what assistive technology you use.