NETBUILDER DIGITAL LTD

AWS Managed Infrastructure

NETbuilder Digital provides Amazon Web Services (AWS) professional services from strategy through platform design, implementation, maintenance and support to live service deployment on AWS infrastructure. Our experts help advise, manage, design and deliver integrated AWS work packages or end-to-end solutions.

Features

• Support the design of cloud architecture and infrastructures on AWS
• Provide fully redundant and resilient cloud infrastructures built on AWS
• Support flexible and scalable, storage, network, monitoring and backup services
• Provide industry expert cloud implementation support for your AWS initiatives
• Automate code testing, deployment processes and CI / CD infrastructure
• Support AWS VPC, EC2, S3, RDS, Route 53, IAM services
• Support AWS Cloud Watch, Cloud Trail, SNS, SES services
• Apply best practice cyber security solutions, processes and procedures

Benefits

• Deliver operational cloud stacks at speed
• Facilitate platform maturity enhancement and speed up your cloud transformation
• Best-in-class implementation for cloud platform hosting applications
• Reduce time to market, overall costs, focus on engaging customers
• Relieve IT staff of day-to-day operational and management activities
• Flexible system configurations based on needs with automated cloud infrastructure
• Add flexibility to your AWS cloud initiatives
• Improve security posture and minimise cyber security risks

£300 a licence a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at maxwell.ashley@netbuilder.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

127689941154859

Contact

Maxwell Ashley
07481 758650
maxwell.ashley@netbuilder.com

Service scope

• Service constraints: The customer is responsible for, and remains liable for ensuring that their licensing is compliant with deployment in a virtualised cloud environment.; ; The customer is responsible for agreement and complying with the AWS client agreement and acceptable usage rights. This can be found at https://aws.amazon.com/agreement/
• System requirements:
  • Operating systems must be x86 based.
  • Operating systems must not be end of support
  • Legacy environments will require an audit prior to acceptance

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: NETbuilder Digital provide prioritised support services for the Managed Services, to be accessed by the Customer’s Technical Support Contacts 24 hours a day, 7 days a week (each such request a “Service Request” or an “Incident” or a “Change Request”) according to an agreed set of Response Times for each service request type and priority level.; ; Indicative response times:; ; • P1 Highest Severity Incident - 15 minute response; • P2 High Severity Incident - 1 hour; • P3 Medium Severity Incident - 2 hours; • P4 Low Severity Incident - 4 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our Production Support offering ensures that the customer’s technology estate is operational whilst providing them with significant autonomy in daily application and business operations. Production customers are assisted with a self-service portal that makes it easy to request help, search knowledgeable content and track progress on issues, and by the NETbuilder Technical Support team composed of service desk agents and a named Service Delivery Manager (SDM) primarily tasked with system maintenance, security, health reporting and monitoring on a 24x7 basis.; ; Our Enterprise Support offering builds on Production Support and is a premium full-service package developed with the goal of empowering customer teams to focus on their core business and deliver effectively at scale. This offering entitles the customer to a single point of contact with NETbuilder; the Technical Account Manager (TAM), a highly skilled professional proactively supporting the customer during deployment time and production related activities, while ensuring the ongoing maintenance and management of the technology stack. The TAM meets regularly with the customer and can assist with activities such as performance tuning, configuration and planning.; ; Pricing of the Managed Service is determined on a case by case basis dependent upon the service offering, service level agreements and customer requirements.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: NETbuilder Digital's service setup and onboarding process consists of several steps:; ; Introduction; ; • Visit the customer to meet the team and perform initial introductions; • Provide an overview of the Managed Service; • Formulate a plan for the next steps; ; Discovery; ; • Run an initial discovery phase in which we review and validate the scope of the service with the business and technical stakeholders; • Create an inventory of the resources to support; • Review existing security controls and processes; • Perform any necessary knowledge transfer; • Define a service catalogue with associated SLAs; • Review of resources and costs required for the managed service; ; On-Boarding; ; • Provision the support, networking and monitoring services; • Implement quality controls; • Check integration points; • Integrate to the customer business process; • Trial run end-to-end key use cases and live incidents; • Start preparing initial knowledge base and relevant run books; • Implement relevant security controls and processes; ; Transition; ; • Switch to the new support service; • Check hands for an official start; • Provide/receive frequent feedback and reporting for a defined period; ; Maintenance and Support; ; • Proactively support and maintain managed service resources; • Provide service level reports with KPIs
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Customer instances and data can be transferred to the customer and source instance/data deleted upon completion. This transfer is included within the managed service cost.
• End-of-contract process: A high level exit plan is contained within the Managed Service documentation. The exit plan contains off-boarding instructions as to whether the service is to be ceased or migrated to another third party.

Using the service

• Web browser interface: Yes
• Using the web interface: The AWS management console interface lets you access and manage AWS through a simple and intuitive web-based user interface. Access rights and levels of access are determined depending upon the specific AWS managed service that will be procured.; ; The Console facilitates cloud management for all aspects of your AWS account, including monitoring your monthly spending by service, managing security credentials, or even setting up new IAM Users.; ; All IaaS AWS administration, management, and access functions in the AWS Console are available in the AWS API and CLI. New AWS IaaS features and services provide full AWS Console functionality through the API and CLI at launch or within 180 days of launch
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: The AWS management console interface lets you access and manage AWS through a simple and intuitive web-based user interface. Access rights and levels of access are determined depending upon the specific AWS managed service that will be procured.; ; The Console facilitates cloud management for all aspects of your AWS account, including monitoring your monthly spending by service, managing security credentials, or even setting up new IAM Users.; ; All IaaS AWS administration, management, and access functions in the AWS Console are available in the AWS API and CLI. New AWS IaaS features and services provide full AWS Console functionality through the API and CLI at launch or within 180 days of launch
• Web interface accessibility testing: None
• API: Yes
• What users can and can't do using the API: AWS provides extensive API support. Please visit https://docs.aws.amazon.com/ for detailed information.
• API automation tools:
  • Ansible
  • Chef
  • Terraform
  • Puppet
• API documentation: Yes
• API documentation formats:
  • HTML
  • ODF
  • PDF
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: All AWS functionality is available via the CLI

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Customer environments are logically segregrated to prevent users and customer from accessing resources not assigned to them.; ; Services which provide virtualised operational environments such as EC2 ensure that customers are segregated via security management processes/controls at the network and hypervisor level.; ; AWS continuously monitors service usage to project infrastructure needs to support availability commitments/requirements. AWS maintains a capacity planning model to assess infrastructure usage and demands at least monthly, and usually more frequently.; ; In addition, NETbuilder can proactively monitor service and resource performance and review performance metrics with the customer.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Other
• Other data at rest protection approach: AWS adheres to independently validated privacy, data protection, security protections and control processes. AWS is responsible for the security of the cloud; customers are responsible for security in the cloud. AWS enables customers to control their content.; Wherever appropriate, AWS offers customers options to add additional security layers to data at rest, via scalable and efficient encryption features. AWS offers flexible key management options and dedicated hardware-based cryptographic key storage. Data at rest protection sub-principle and related processes within AWS services, subject to audit at least annually under ISO 27001:2013, AICPA SOC 1, SOC 2, SOC 3 and PCI-DSS certification.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • All applicable data including system configurations.
  • Log files, databases, instances and application data.
• Backup controls: Backups are controlled by the Service Desk according to a backup schedule and retention period agreed with the customer
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Customer environments are logically segregated to prevent users and customers from accessing resources not assigned to them. AWS gives customers ownership and control over their content by design through simple, but powerful tools that allow customers to determine how their content will be secured in transit.; ; AWS enables customers to open a secure, encrypted channel to AWS services using TLS/SSL, and/or IPsec or TLS VPN (if applicable), or other means of protection the customer wish to use.; ; API calls can be encrypted with TLS/SSL to maintain confidentiality; the AWS Console connection is encrypted with TLS.

Availability and resilience

• Guaranteed availability: NETbuilder Digital will use commercially reasonable efforts to make the Included Services available for each AWS region with a Monthly Uptime Percentage of at least 99.99%, in each case during any monthly billing cycle. In the event any of the Included Services do not meet the Service Commitment, you will be eligible to receive a Service Credit as described below.; ; Less than 99.99% but equal to or greater than 99.0%: 10%; Less than 99.0% but equal to or greater than 95.0%: 30%; Less than 95.0%: 100%; ; AWS currently provides SLAs for several services. Due to the rapidly evolving nature of AWS’s product offerings, SLAs are best reviewed directly on the AWS website via the links below:; ; • Amazon EC2 SLA: http://aws.amazon.com/ec2-sla/; • Amazon S3 SLA: http://aws.amazon.com/s3-sla; • Amazon CloudFront SLA: http://aws.amazon.com/cloudfront/sla/; • Amazon Route 53 SLA: http://aws.amazon.com/route53/sla/; • Amazon RDS SLA: http://aws.amazon.com/rds-sla/; • AWS Shield Advanced SLA: https://aws.amazon.com/shield/sla/; ; Well-architected solutions on AWS that leverage AWS Service SLA’s and unique AWS capabilities such as multiple Availability Zones, can ease the burden of achieving specific SLA requirements.
• Approach to resilience: The AWS Business Continuity plan details the process that AWS follows in the case of an outage, from detection to deactivation. AWS has developed a three-phased approach: Activation and Notification Phase, Recovery Phase, and Reconstitution Phase. This approach ensures that AWS performs system recovery and reconstitution efforts in a methodical sequence, maximizing the effectiveness of the recovery and reconstitution efforts and minimizing system outage time due to errors and omissions.; ; AWS maintains a ubiquitous security control environment across all regions. Each data centre is built to physical, environmental, and security standards in an active-active configuration, employing an n+1 redundancy model, ensuring system availability in the event of component failure. Components (N) have at least one independent backup component. All data centres are online and serving traffic. In case of failure, there is sufficient capacity to enable traffic to be load-balanced to the remaining sites.; ; Customers are responsible for implementing contingency planning, training and testing for their systems hosted on AWS. AWS provides customers with the capability to implement a robust continuity plan, including the utilization of frequent server instance back-ups, data redundancy replication, and the flexibility to place instances and store data within multiple geographic regions across multiple Availability Zones.
• Outage reporting: Alerts are generated by our monitoring platform that are received by our 24x7 Service Desk. SMS text alerts, phone calls and/or email notifications are generated and dispatched to user stakeholders for the affected services.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Management access utilises role based access controls and is granted only to those team members who need it. Two factor authentication is also used to further secure and control access.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Alcumus
• ISO/IEC 27001 accreditation date: 18/07/2023
• What the ISO/IEC 27001 doesn’t cover: All aspects of our Managed Services are included within the scope of our ISO27001:2013 Accreditation.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: • ISO27001:2013; • Cyber Essentials; ; AWS:; ; ISO 27001:2013, Cyber Essentials Plus; ISO 27017; ISO 27018; SOC 1/2/3
• Information security policies and processes: Our ISO 27001 Management System identifies significant information security aspects and the associated impacts of our operations. These are managed at all times in a way that minimises risk to all our stakeholders. Training and continual risk assessment ensures this is undertaken in a controlled manner.; ; Specifically, we; ; • Include information security considerations in existing management systems and initiatives with the aim of improving our management processes, information security performance, whilst committing, at a minimum, to compliance with relevant legislation, contractual security obligations and other requirements to which the company subscribes including ISO 27001; • Work in partnership with our contractors and suppliers to influence and/or improve the integrity of their information security.; • Provide and maintain information security.; • Identify and seek to prevent information security incidents which may arise from our processes, operations and work activities.; • Make adequate provision for dealing with all emergency situations in our business.; • Ensure available access to information security training for our staff, encouraging them to apply good practice at all times.; • Discuss information security issues regularly at the highest levels of the company and consult with our staff on all related matters.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change requests can range from supporting AWS infrastructure design work through to provisioning new instances and services.; ; We use a well-defined change management process to ensure that changes are implemented in a controlled manner. Changes are risk assessed, include roll back/recovery procedures and are reviewed by our Change Advisory Board (CAB) prior to implementation.; ; Our change management process follows ITIL standards and is included in our ISO 27001 scope.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: NETbuilder Digital has a ISO 27001 aligned vulnerability management process. This processes is audited several times per year both internally and by a UKAS accredited ISO certification body.; ; All relevant systems are anti-malware protected. Updates are tested prior to deployment and are applied according to a schedule. Mailing list subscriptions and security alert briefings are used to keep abreast of the latest vulnerabilities.; ; Vulnerability assessments are also performed on a regular basis using industry standard tools and remediated in a timely manner.; ; AWS Security performs vulnerability scans on the host operating system, web applications, and databases in the AWS environment.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: NETbuilder Digital has a ISO 27001 aligned protective monitoring process. These processes are audited several times per year both internally, externally and by the ISO governing body.; ; Protection is provided in a number of ways, including SIEM, IPS, host sensors and next generation firewalls.; ; AWS deploys (pan-environmental) monitoring devices to collect information on unauthorized intrusion attempts, usage abuse, and network/application bandwidth-usage. Devices monitor:; ; • Port scanning attacks; • Usage (CPU, processes, disk utilization, swap rates, software-error generated losses); • Application metrics; • Unauthorized connection attempts; ; Near real-time alerts flag potential compromise incidents, based on AWS Service/Security Team- set-thresholds.
• Incident management type: Supplier-defined controls
• Incident management approach: NETbuilder Digital's Incident Management process follows the ITIL standard and is included in our ISO 27001 scope. As such, it is audited and approved by our external auditors. Incidents are raised by customers (via the service desk portal, email or phone), monitoring systems or service desk technicians. Root cause analysis is performed for any incident.; ; AWS has its own comprehensive Incident Management plan, details of which can be provided upon request.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Amazon Web Services (AWS)
• How shared infrastructure is kept separate: Customer environments are logically segregated, preventing users and customers from accessing unassigned resources. Customers maintain full control over their data access. Services which provide virtualized operational environments to customers, ensure that customers are segregated and prevent cross-tenant privilege escalation and information disclosure via hypervisors and instance isolation.; ; Different instances running on the same physical machine are isolated from each other via the Xen hypervisor. The Amazon EC2 firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface. All packets pass through this layer. The physical random-access memory (RAM) is separated using similar mechanisms.

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  NETbuilder a public target set up with SBTi (Science Based Targets) and report on EcoVadis and CDP, and have ISO 14001.

  Tackling economic inequality

  NETbuilder recruit, employ and train our permanent technical staff per client engagement, often in regional area’s with limited industry. We assess based on attitude and aptitude of the individual, not education alone, which opens up career opportunities to people moving into Digital At a high level we provide:; • Paid full time training so employees do not need to work outside of training hours to support themselves ; • Accessible training programmes that are designed to be inclusive, and adopting and utilising different styles, approach and media to support a wide audience and learning styles. ; • Objective recruitment processes taking away any potential for unconscious bias. This is managed, tracked and auditable in the SkillsNow platform. ; • Localised recruitment to support with local sustainability creating communities and preserving personal and local infrastructure. ; • All employees empowered to actively contribute in our journey towards achieving net zero. Sustainability principles are being integrated into our corporate culture and governance procedures. ; Uniquely we provide transfer options for our staff to move to customer permanent employment on project handover, or after agreed timelines have been met. This promotes in region investment and increases in skills over time, as well as addressing digital skills gaps in critical technologies, as well as supporting maintenance of legacy applications where necessary. ; ; NETbuilder also provide upskilling and reskilling programmes to support non technical staff cross department/ directorate/ agency transition into CDIO, supporting and aligned to Government Digital and Data Profession Capability Framework . This can be provided as a value add during training of our own staff pre-project deployment, combining customer employees into bootcamps, or as a parallel service and stand-alone initiative.

  Equal opportunity

  NETbuilder recruit, employ and train our permanent technical staff per client engagement, often in regional area’s with limited industry. We assess based on attitude and aptitude of the individual, not education alone, which opens up career opportunities to people moving into Digital At a high level we provide:; • Paid full time training so employees do not need to work outside of training hours to support themselves ; • Accessible training programmes that are designed to be inclusive, and adopting and utilising different styles, approach and media to support a wide audience and learning styles. ; • Objective recruitment processes taking away any potential for unconscious bias. This is managed, tracked and auditable in the SkillsNow platform. ; • Localised recruitment to support with local sustainability creating communities and preserving personal and local infrastructure. ; • All employees empowered to actively contribute in our journey towards achieving net zero. Sustainability principles are being integrated into our corporate culture and governance procedures. ; Uniquely we provide transfer options for our staff to move to customer permanent employment on project handover, or after agreed timelines have been met. This promotes in region investment and increases in skills over time, as well as addressing digital skills gaps in critical technologies, as well as supporting maintenance of legacy applications where necessary. ; ; NETbuilder also provide upskilling and reskilling programmes to support non technical staff cross department/ directorate/ agency transition into CDIO, supporting and aligned to Government Digital and Data Profession Capability Framework . This can be provided as a value add during training of our own staff pre-project deployment, combining customer employees into bootcamps, or as a parallel service and stand-alone initiative.

Pricing

• Price: £300 a licence a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at maxwell.ashley@netbuilder.com. Tell them what format you need. It will help if you say what assistive technology you use.