ATOS IT SERVICES UK LIMITED

Atos Database Management

Database Management provides operational management support to Database Management Systems (DBMS), and safeguards the daily execution of Customer's business processes, by providing:
▶Ongoing availability, capacity and performance monitoring
▶DBMS transport and cloning
▶Backup and recovery
▶Troubleshooting
Database Services consist of:
▶Oracle
▶MySQL
▶Microsoft SQL
▶DB2
▶PostgreSQL
▶MongoDB
▶Other

Features

• Availability management to keep systems up and running
• Monitoring of the in-scope processes
• Housekeeping of necessary tasks
• Patch management to keep systems on latest security level
• Configuration management
• Backup and restore management of the service
• Security management (initial state and run)
• Vendor management
• Keep documentation up to date
• System user and group management

Benefits

• Performance management enhanced to optimise the used configuration
• Capacity management to optimise used infrastructure capacity
• Database reorganisation to improve performance
• Failover testing for applications using High Availability configurations
• Database index management to optimize databases
• Support Customer with fixes and patches enhancing database functionality
• License management to support customer to be compliant
• Perform Customer application specific patch management
• Provide technical account management
• Technical consultancy to develop customer on its journey

£16.04 an instance a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@atos.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

129393240077512

Contact

Louise Carr
+447733315094
opportunities@atos.net

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: Application Technical Management
• Cloud deployment model:
  • Public cloud
  • Private cloud
  • Community cloud
  • Hybrid cloud
• Service constraints: There are no constraints of the service. Database Services can be provided on any underlying infrastructure platform, including all types of Cloud. Support availability window will be mutually agreed depending on database requirements.
• System requirements:
  • Underlying Cloud (compute, storage and backup) infrastructure
  • Database software licenses (unless open source)

User support

• Email or online ticketing support: Yes, at extra cost
• Support response times: This is subject to customer requirements.
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: For support levels please refer to section “Availability and resilience”. Related prices are in the pricing document.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: User documentation how to access the service will be provided. Furthermore, a High Level Design document tailored to customer will be created.
• Service documentation: Yes
• Documentation formats:
  • PDF
  • Other
• Other documentation formats:
  • Word file format
  • Excel format
• End-of-contract data extraction: Users have local copies of the data already. Additionally, a database export can be ordered.
• End-of-contract process: A database export can be ordered (additional costs will apply).

Using the service

• Web browser interface: No
• Application to install: Yes
• Compatible operating systems: Other
• Designed for use on mobile devices: No
• Service interface: Yes
• User support accessibility: WCAG 2.1 AA or EN 301 549
• Description of service interface: • Command-Line Interface (CLI): Many database systems provide a command-line interface for direct interaction. (E.g. MySQL command-line client, PostgreSQL psql, MongoDB mongo shell, etc.) ; • Graphical User Interface (GUI): Some databases offer graphical management tools for easier interaction, such as MySQL Workbench, pgAdmin for PostgreSQL, SQL Server Management Studio for SQL Server, etc.
• Accessibility standards: WCAG 2.1 AA or EN 301 549
• Accessibility testing: Typically the testing includes:; Screen reader compatibility testing ;; Keyboard navigation testing ;; Colour contrast and visual clarity testing ;; Alternative text for images and icons ;; Input assistance and error handling ;; Testing with diverse assistive technology setups.
• API: Yes
• What users can and can't do using the API: Application Programming Interface (API) allow users to leverage programming languages and database-specific libraries or drivers to interact with the database programmatically. Examples include psycopg2 for PostgreSQL in Python, psycopg for SQLite in Python, pymongo for MongoDB, etc.
• API documentation: Yes
• API documentation formats: Other
• API sandbox or test environment: No
• Customisation available: No

Scaling

• Independence of resources: Each database has one owner defined by the customer.

Analytics

• Service usage metrics: Yes
• Metrics types: - DBMS availability report ; - DBMS capacity reports (DBMS memory, Database size (vendor dependent), DBMS version and Maximum number of concurrent sessions)
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: Never
• Protecting data at rest: Other
• Other data at rest protection approach: Service security is based on underlying infrastructure data at rest service security.
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: If requested by customer, export will be done by Provider (additional costs will apply).
• Data export formats: Other
• Other data export formats: Database export (format depending on database flavour)
• Data import formats: Other
• Other data import formats: Database import (format depending on database flavour)

Data-in-transit protection

• Data protection between buyer and supplier networks: Other
• Other protection between networks: Service security is based on underlying infrastructure service security.
• Data protection within supplier network: Other
• Other protection within supplier network: Service security is based on underlying infrastructure service security.

Availability and resilience

• Guaranteed availability: The following service availability will be provided with this service.; Bronze Set 1 - Service availability window: 5 days, 10 hours (business days), 08:00–18:00 - 98% - Maintenance window: Business days, 08:00 – 18:00;; Silver Set 2 - Service availability window: 5 days, 10 hours (business days), 08:00–18:00 - 99.5% - Maintenance window: Business days, 08:00 – 18:00;; Silver Set 3 - Service availability window: 7 days, 24 hours (all days) - 99.5% - Maintenance window: Saturdays, 08:00 – Sundays, 12:00;; Gold Set 4 - Service availability window: 5 days, 10 hours (business days), 08:00–18:00 - 99.8% - Maintenance window: Business days, 18:00 – 08:00 next day;; Gold Set 5 - Service availability window: 7 days, 24 hours (all days) - 99.8% - Maintenance window: Saturdays, 08:00 – Sundays, 12:00;; Platinum Set 6 - Service availability window: 5 days, 10 hours (business days), 08:00–18:00 - 99.9% - Maintenance window: Business days, 18:00 – 08:00 next day;; Platinum Set 7 - Service availability window: 7 days, 24 hours (all days) - 99.9% - Maintenance window: Saturdays, 08:00 – Sundays, 12:00.; The service availability mainly depends on the underlying infrastructure and used database technology configuration.
• Approach to resilience: This is based on the used database technology configuration underlying infrastructure and datacentre layout.
• Outage reporting: This is included in the monthly service reporting.

Identity and authentication

• User authentication needed: Yes
• User authentication: Username or password
• Access restrictions in management interfaces and support channels: Database username or password.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 6 months and 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: PWC
• ISO/IEC 27001 accreditation date: 01/11/2023
• What the ISO/IEC 27001 doesn’t cover: Scope may be provided upon request.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: Yes
• Who accredited the PCI DSS certification: Blackfoot UK Ltd
• PCI DSS accreditation date: 11/12/2023
• What the PCI DSS doesn’t cover: No non-covered scope. Scope may be provided upon request.
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: PSN
• Information security policies and processes: Atos has in place a full set of security policies; and procedures. Atos staff are required to follow; the procedures, this requirement is covered in; the Security Operating Procedures (SyOps) that; administrators are required to sign on an annual; basis. For the ISO 27001 certification, periodic; surveillance audits are undertaken. The overall; security of the service is the responsibility of a; Senior Vice President.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Configuration management database (CMDB) is filled with configuration items (CIs). The CMDB provides up-to-date configuration information for use in the resolution of incidents.; Additions, removal, and changes of CIs are registered in the CMDB. The CMDB is populated by a combination of automated scanning products and manual processes.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Atos subscribe to filtered vulnerability feeds.; Received vulnerabilities are assessed for their; impact upon the service and patching or other; mitigations are applied in timescales dependent; upon the severity of the vulnerability. High level; reporting on vulnerabilities and oversight is; provided by the Security Working Group.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Event logs are sent to the SIEM service, where a; set of alerting rules are applied to the log; streams in near real-time. The logs are analysed; for any suspicious activity. Where the alerting; rules identify suspicious activity, alerts are; generated and the Security Operations Centre; (SOC) staff investigate the alert and report to the; relevant party for resolution
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Atos has pre-defined incident management; process to cover common security events and a; generic security incident management process to; cover the remaining types of incidents

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Other
• Other public sector networks: Any network and on any infrastructure.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Atos is a global leader in decarbonised digital services incorporating sustainable practices into our IT services to mitigate against the impact of climate change. This is evidenced by our EcoVadis Platinum Award. We are committed to an SBTi endorsed Science Based Target and are on track to reduce all emissions by 50% between 2019-25 and achieve Net Zero by 2039. Activities to achieve this include: IT Products and Services: We place a 20% sustainability weighting during procurement and use EcoVadis to assess supplier environmental performance. We were awarded “Platinum” status by EcoVadis for the fourth year running in October 2023. Renewable Energy Sources: Since 2018, the electricity purchased for our IT equipment, lighting and some space heating in mainland Great Britain has been from 100% renewable sources. Reduce Energy Consumption: Initiatives include the adoption of remote/hybrid working for employees, leading to a 10% drop in Atos UK&I energy usage between H1 2022 and H1 2023 through the rationalisation of 15 offices. In 2020, we signed up to a group-wide car-fleet agreement to source only electric vehicles with the aim to switch our entire fleet to electric or hybrid by 2025 (70% achievement in 2022). Minimise Electronic Waste: Atos has a circular economy approach to minimise electronic waste and extend the lifespan of its IT equipment ensuring that 100% of our obsolete IT assets are collected, reused, or recycled in a responsible way. The policy approach is based on the ISO14001 certified management system. In the UK we partner with Tier1, an SME specialising in hardware recycling. We will assess each call-off contract from G-Cloud 14 and make commitments that will drive sustainability such as: • Selecting sustainable partners and hosting joint decarbonisation workshops • Delivering environmental volunteering opportunities • Delivering training/education on sustainability

  Tackling economic inequality

  Atos recognises that the IT sector faces employment and skills shortages whilst under-represented groups still face barriers to accessing jobs. According to Prospects.ac.uk (December 2023), less than 8.5% of senior leaders in UK tech are from ethnic minority groups, only 16% of IT professionals are female and less than 9% of all IT specialists have a disability. We have implemented initiatives to tackle economic inequality: Early Career Talent Activities Atos provides work experience placements and STEM outreach to schools/universities to inspire students from different backgrounds across the UK into technology careers. Our Graduate and Apprenticeship programmes are over 18 months and provide experience in project delivery, operations and technical areas. The Atos Graduate Internship and Apprenticeship Community supports members in building up a network across the organisation and provides extra-curricular opportunities. Recruitment Activities We have embedded a fully inclusive and accessible end-to-end recruitment process. Actions include: Our Recruitment professionals to complete ‘Diversity, Equality and Inclusion (DEI) training for HR and Talent Professionals’ to attract a diverse talent pool We use Textio, a writing-enhancement service, to remove gender bias from job adverts We use video and flexible/adjusted interviews to provide support if wanted by people with disabilities including neurodiversity, such as assistive technology and schedule flexibility We organise tech career events and partner with organisations such as Bright Network to target candidates from under-represented groups. Career Development Activities All Atos employees are encouraged to set an Individual Development Plan with access to in-house learning and development resources such as Atos University. We will assess each call-off contract from G-Cloud 14 and make commitments that will tackle economic inequality such as: Creating employment opportunities Collaborating with our partners such as Next Tech Girls and SmartSTEMs to deliver training schemes/programmes to address any identified skills gaps and support skills growth.

  Equal opportunity

  Atos has been recognised as a leading employer in supporting an inclusive workplace through its inclusion in the Times Top 50 Employers for Gender Equality 2023 and our Level 3 Disability Confident Leader status. We continually review and improve our DEI initiatives to ensure we advance our goal. Inclusive/accessible recruitment activities We have embedded a fully inclusive and accessible end-to-end recruitment process. To achieve this, we engaged external partners to provide training to managers/HR to ensure fair recruitment by removing barriers and attracting diverse talent. Inclusive working conditions We create an inclusive working environment where all individuals can thrive and enable Atos to retain diverse talent: Policies: Our policies ensure we support all our employees regardless of their characteristics, enabling everyone to access and pursue opportunities available in Atos. DEI Networks: Our employee-led networks are advocates for equality and change in the workplace and wider society. Business Initiatives: We have initiatives to support under-represented groups’ progress in our workplace such as talent programmes and embedding cultural events into our calendar including International Woman’s Day and Black History Month. Fair Pay Our Diversity Pay Gap Report aligned to the Equality Act 2010 (Gender Pay Gap Information) Regulations 2017, is published annually and provides transparent reporting on our progress to create gender and ethnicity balance. Flexible Working Atos is proud to actively support remote/hybrid and flexible working to assist all employees achieve a good work life balance. Beyond this, our Flexible Working Policy outlines the support available to employees and candidates with fluctuating health conditions or care/personal responsibilities. We will assess each call-off contract from G-Cloud 14 and make commitments that will promote equal opportunity such as: Creating employment opportunities for under-represented groups by working with inclusive recruitment partners such as Bright Network Delivering training schemes and programmes for under-represented groups

  Wellbeing

  We are signatories of the Six Standards of Mental Health and invest significantly in the mental health of our employees: Prioritising mental health We provide a comprehensive Employee Assistance Programme (EAP) to all staff including an online GP service, wellbeing toolkits and a free, anonymous 24/7 helpline where employees can get counselling and advice on a wide range of topics including family, financial and legal matters. Promoting positive mental health Our senior leadership team and Mental Health First Aiders act as positive role models, endorsing initiatives like World Mental Health Week. Open culture We drive an open culture where conversations about mental health are supported. Line Managers promote employee wellbeing through monthly 1-2-1s and workload assessment. Should an employee raise a concern over their workload, their Line Manager conducts Individual Stress Risk Assessments and encourages EAP and Stronger Minds helpline use when needed. Holding regular 1-2-1s is a metric Atos Line Managers are appraised on as part of our Performance Management system, ensuring nurturing connections between our managers and employees are embedded as a culture. Increasing organisational capability We partner with third-party specialists in wellbeing and mental health, such as Genius Within, to provide training to our employees. Providing tools and support We provide annual training on subjects such as anxiety and depression, and signpost mental health tools available on our Wellbeing Hub. Tools include links to NHS Mental Health helplines, AXA PPP Wellbeing articles and a Mental Health Toolkit with 19 tips/tools breathing exercises and sleep techniques. Increasing transparency We measure wellbeing in surveys and publish action plans to address employee feedback gathered from the survey. We will assess each call-off contract from G-Cloud 14 and make commitments that will promote equal opportunity such as funding Mental Health First Aiders for the contract delivery team.

Pricing

• Price: £16.04 an instance a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at opportunities@atos.net. Tell them what format you need. It will help if you say what assistive technology you use.