Celerity Limited

Backup as a Service

A fully-managed cloud-based service for your data backup. The Backup as a Service (BaaS) model aligns with your security posture, resilience requirements and regulatory compliance. BaaS supplies all the daily management and technical aspects of backup and recovery, including transparent customer reporting provided through a dashboard facility.

Features

• Fully managed service
• Backs up virtual machines and physical servers
• Security accreditation to ISO27001, Cyber Essentials PLUS and PSN certification
• Pro-active 24 x 7 x 365 monitoring
• UK-based cloud backup locations (Tier 3 highly secure data centres)
• Fulfils daily tasks and technical management of backup and recovery
• Restoration of data via Service Desk or self-service recovery option
• No set up charges, only fixed term pricing
• Optional Air Gap Immutable Storage
• Optional Cyber Resiliency service

Benefits

• Convenience: once configured BaaS is an automated, auditable, managed service.
• Includes scheduled backups and additional options
• Stay in control of risk with detailed security/compliance standards
• Includes an SLA for ongoing data management, response and resolution.
• Removes daily burden from your valuable internal resources
• Defined backup schedules including updates and capacity monitoring
• High confidence in backup and restoration functions
• Stay in control of backup operational costs
• Optional Air Gap Immutable Storage for additional security levels
• Optional Cyber Resiliency: cyber-threat scanning and data validation

£598.10 a server a year

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at debra.stretton@celerity-uk.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

126781402165742

Contact

Debra Stretton
08455652097
debra.stretton@celerity-uk.com

Service scope

• Service constraints: The service shall be allocated a maintenance window between the hours of 00:00 and 05:00 weekly.; Change Management applies in accordance with Celerity change request notification process.; Celerity will not provide any application or middleware level support as part of the service. ; Celerity is not responsible and cannot be held liable for degraded performance or response time in case of physical limitations of the of the purchased platform or software.; The Customer is required to ensure network connectivity via the internet using CESG approved secure VPN service/appliance.
• System requirements:
  • Current licence/s or appropriate legal agreement/s applicable
  • Customer responsibility of integrity/content of data
  • Operating system must remain in vendor support

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response to Severity 1 Incident: Minutes: 30 ; Response to Severity 2 Incident: Minutes: 60 ; Response to Severity 3 Incident: Hours: Next working day ; Response to Severity 4 Incident: Days: 5 working days
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: The Celerity Service Desk (CSD) will be the customer’s point of contact for all aspects of the service and is available (by web portal or phone) Mon-Fri 08:00-18:00 (excl. Bank Holidays) ; ; The CSD operates to ITIL3 standards and is managed by staff with experience in delivering managed IT and data protection services. Celerity utilises a modern IT Service Management System (ITSMS) which is at the centre of our Service Desk operations. The customer will be allocated accounts on our ITSMS portal. Via the portal users can: ; ; ~Log service requests ; ~View the status of service tickets ; ~Run standard reports ; ~Access contract / SLA information ; ; You may also log service requests by telephone. ; ; We will provide an Account Manager, a Technical Advocate (a BaaS specialist) and Customer Success Manager.; ; *Please note that 24x7x365 support is available as an additional option
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Celerity provides training and documentation for both on-boarding and off-boarding process. Training can be provided both remotely and onsite (at an additional cost).
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: The replicated data including virtual machines is stored in a mixture of vendor and proprietary formats.; You can only get access to available recovery points via; the provided mechanism. The data is available in; the same format in which it was stored. Professional services will be required to extract and return consumer generated data. Such; services will be quantified based on the volume and nature of the consumer generated data. Pricing for professional services will be based on our SFIA rate card.
• End-of-contract process: The customer has the right to terminate the agreement subject to contract and must give notice to terminate before the contract end date. Each agreement carries an economic break point, any termination of the; agreement within the economic break point will attract a; cost. Celerity will erase all consumer data at the end of the contract period. This is confirmed by a CoF.

Using the service

• Web browser interface: Yes
• Using the web interface: Self-service backup and restore functionality available as an alternative to making service requests to Celerity Service Desk
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: N/a
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Infrastructure is allocated a set amount of resource which is guaranteed and not shared and quality of service is configured to ensure sufficient bandwidth on the network.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Customers will be kept informed via email and also via the monthly reporting and feedback that is aligned with the BaaS service. This information will be presented by a Celerity Account Manager and a Customer Success Manager for discussion.

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • Disk
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • Physical machines
  • Bare metal option
  • Image level option
  • File level option
  • Application level option
• Backup controls: This is a managed service where Celerity will implement and manage all backup schedules, including: ; o All Virtual Machines listed by the client ; o All physical servers listed by the client ; o Microsoft 365 account (optional) ; o Includes data replication to offsite location (public/private cloud). ; o Optional Air Gap Immutable Storage ; o Optional Cyber Resiliency service to provide cyber-threat scanning of backup data, backup data validation and cleanroom recovery testing; However for recovery / restore options, clients can either: ; o Recovery / restore from the Celerity Service Desk (CSD); OR; o Utilise the user self-service option
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Services are available 365 days x 24 hrs with guaranteed SLA of 99.5% availability.
• Approach to resilience: Available on request
• Outage reporting: A dashboard is available to all customers providing information on the utilisation of the service and any incidents or outages. Celerity's system monitors the environment 24 hours a day and automatically sends e-mail reports of any outages to pre-agreed customer contacts.

Identity and authentication

• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Access is restricted by the user accounts, VLAN on the network and access to the network interface. Routing restrictions are in place with registered MAC addresses and access to the routers is restricted to admin’s only. VPN’s are in place to ensure the data to secure during transit.
• Access restriction testing frequency: At least once a year
• Management access authentication: Dedicated link (for example VPN)
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: The British Assessment Bureau
• ISO/IEC 27001 accreditation date: 13/11/2014 (most recently 27/01/2024)
• What the ISO/IEC 27001 doesn’t cover: Our certification covers all requirements within the ISO27001:2013 standard.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: PSN

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Celerity adhere to all documented security policies and processes as detailed in our ISO:27001 Information Security Management System (ISMS) Policy Document.; Celerity is also accredited annually to check that our security policies and processes are followed for Cyber Essentials Plus certification.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Celerity have a formal Change Management process in place. The Change Management Board meet once a week discuss, assess, approve or reject request for changes to ensure the integrity of the process. The CMB also provide approval for emergency change requests based on the merit and impact of the Request for Change (RFC).
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Celerity use a number of tools to ensure that the environment provided is suitably patched at a level to provide a secure service. Potential threats are identified through comparing our environment against industry recommendations. Patches and security updates are applied based on the severity and the importance and given an appropriate resource if approved through by CMB for a timely deployment.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Risk assessments are carried out to identify potential compromises. Risks are measured against a baseline of controls and any weakness or threats are addressed accordingly.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: The Information Security Officer, in conjunction with the Technical Director, will assess the seriousness of the situation and will take any necessary immediate action to limit any potential impact. The Information Security Officer (or nominated employee) is responsible for completing a Security Incident Management form and for logging this in the Security Incidents Log. Incidents are identified by a simple classification (High / Medium / Low) based on the nature of the incident and its source. This classification is used for prioritisation and for subsequent trend analysis.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: Each Virtual instance has access to a pool of processors and dedicated memory. The virtual environments have encrypted private tunnels to the network ensuring data is secure and segregated from other customers data and network traffic.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Like the rest of the world, Celerity is increasingly concerned about sustainability and our environmental footprint. We accept that we have responsibility to the principles of sustainability and environmental awareness, and we recognise the social and economic importance of protecting the environment. ; ; We aim to lead by example, by promoting a sensitive and considered attitude to the environment. By taking action to reduce our environmental footprint, we can help create a more sustainable future for all. Our continued dedication to achieving and maintaining sustainable and environmentally conscious practices has meant we have achieved our ISO14001 accreditation. Celerity strives to operate our business in an environmentally sensitive manner and endeavours for continuous improvement in environmental performance. Celerity Ltd is committed to Net Zero by 2050 through continued measurement, monitoring and reporting of our business activities. ; ; This will be achieved specifically by: ; ; Delivering managed services and cloud-based services responsibly, by continually scrutinising our supply chain for adherence to compliance, aims and legislation. ; ; Reducing our consumption of electricity, water, paper, and fuel, by monitoring usage and communicating environmental considerations to the workforce and partners. ; ; Conforming with current legislation and regulations, by seeking legal advice, training and testing staff and evaluating our compliance obligations. ; ; Maintaining our ISO 14001 Environmental Standard certification and obligations. ; ; Further promoting our Electric Vehicle Salary Sacrifice Scheme for employees to align our environmental vision and aims. ; ; Ensuring Celerity’s business travel booked through the online TravelPerk System is sustainable. We have opted in to the GreenPerk option where our CO2 emissions are 100% offset by calculating the carbon footprint and investing in VERRA certified projects in accordance with the UN’s Sustainable Development Goals.

  Covid-19 recovery

  Celerity continues to support individual staff, customers, and suppliers where they may need to continue to work in shielded environments as remote workers. Our IT systems use Teams infrastructure for calls, projects and collaborative and flexible working. We have encouraged our staff to return to work in the office at least one to two days per week. ; We continue sensitive to those staff affected by Covid-19, where physical and mental health may have been affected. We maintain a strong hygiene focus for onsite working. We also offer Mindfulness Training to help with any working adjustments. ; Our business is now operating a new hybrid working structure which offers a work-life balance but using both our physical offices and online infrastructure. This supports ongoing collaboration and team-working to achieve business outcomes.; Celerity's staff are based UK wide as homeworkers, and in addition we run 2 operational office sites in the north of England (Preston and Sunderland), therefore contributing towards the aims of the UK Government's Levelling-up and Regeneration Act 2023.

  Tackling economic inequality

  Celerity encourage and maintain supply chain resilience and capacity with our suppliers through a culture of ethical trading relationships. We actively encourage good working relationships with our suppliers. Celerity is committed to obtaining and retaining competitive goods and services while at the same time ensuring they are from sources which have not compromised human rights, safety, or the environment. Celerity aims to develop strong relationships with their suppliers, based on mutual trust, understanding and respect and to improve the quality, environmental performance and sustainability of goods and services. Celerity aims to ensure workforce equality and diversity within supply chains and promote the benefits of fair employment practices. ; ; Celerity also expects its suppliers to: ; ; ~Adhere to business principles are consistent with their own ; ~Ensure that their products and services are produced and delivered to comply with all relevant legislation. ; ~Seek to maintain continuous improvement in the supply chain relationship with Celerity. ; ~Ensure they adopt and implement acceptable safety, environmental, product quality, product stewardship, labour, human rights, social and legal standards in line with Celerity’s own code and to ensure these issues are acceptably managed within the supply chain for any products supplied to Celerity. ; ; To maintain ethical sourcing practices, we will: ; ; ~Ensure compliance with European Union (EU) Principle(s) in procurement and supply management and national and international standards of organisational governance ; ~Eradicate corruption ; ~Encourage meeting of minimum relevant industry benchmarks or national legal standards in workforce wages, benefits and welfare including child labour ; ~Encourage fair pricing of all goods, works and services that enables the achievement of both value for money continuity of business operations ; ~Promote Fairtrade and similar standards

  Equal opportunity

  Celerity Limited is committed to being an equal opportunities employer and to provide a workplace free from discrimination, harassment, intimidation, and victimisation based on race, age, sex, sexual orientation, marriage and civil partnership, disability, religion or belief, gender reassignment or pregnancy and maternity. ; ; All employees of Celerity have mutual responsibility and expectations; this includes an employee expectation to be treated fairly with dignity and respect, therefore, not to suffer harassment in the workplace. This confers a corresponding responsibility on all individuals to behave towards their colleagues and others they come into contact with in the course of their work in a manner that is consistent with meeting this expectation. Our Diversity, Equity and Inclusion Policy outlines how we value the diversity of our personnel which underpins a positive culture and ultimately contributes towards business advantage.

  Wellbeing

  Celerity recognises the importance of good health and wellbeing for our employees, both in and out of the workplace. Delivery of Celerity cloud solutions and managed services to customers relies on employees feeling healthy, focused, and professional. Wellbeing is essential for good mental health, physical health, sociability, and positive relationships, which then promotes overall productivity in and out of the workplace. Therefore, Celerity offers support wherever possible, to help and encourage employees to achieve good health and wellbeing. Our Wellbeing Plan already includes benefits such as the Cycle to Work Scheme, Techscheme, Electric Vehicle Scheme, Health Care Cash Plan, Thrive Mental Wellbeing app, Headspace app membership, Financial Wellbeing Advice, Life Assurance, and corroborations with MIND, to focus on mental health and also Macmillan, supporting those with Cancer or other long term illnesses affecting family life. Celerity is an accredited Living Wage employer, along with being committed to being a Menopause Friendly employer. In addition, there are occasional social events which are designed to bring employees together, where the focus may be relaxation, enjoyment, or a charity event to raise funds and spread awareness of good causes. We provide Mindfulness Courses to nurture and develop our staff and to maintain positive organisational practices. Along with ongoing employee feedback, our Wellbeing Plan is measured, monitored, reviewed, developed, and continually improved.

Pricing

• Price: £598.10 a server a year
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: The free trial has no operational limitations or restrictions. The free trail is available for a maximum of one week.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  ODT

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at debra.stretton@celerity-uk.com. Tell them what format you need. It will help if you say what assistive technology you use.