Rackspace Ltd

Rackspace Sovereign Epic Managed Hosting

Rackspace Sovereign Managed Epic Cloud is hosted on a fully managed, single-tenant private cloud solution that has been designed for UK healthcare organisations, hosting data up to NHS Class V data or at OFFICIAL-SENSITIVE. A custom-built platform designed to meet demands of EMR Epic applications, ensuring scalability and consistency.

Features

• Dedicated and encrypted enterprise-grade infrastructure environment
• 24x7x365 service and support
• ITIL-aligned IT service management
• UK sovereign and security cleared solution
• Fully managed and proactive operational management
• Dedicated or shared versions available
• Disaster recovery using pair of Rackspace data centres
• PSN-accredited management environment
• NHS and NCSC compliance statements
• 10,000+ VMware hosts and 100,000+ virtual machines under management

Benefits

• Ready to host sensitive UK Healthcare data
• Minimising unplanned down time using automation and proactive monitoring
• Single-tenant environment meets security, compliance, data sovereignty needs
• Access to Rackspace experts for guidance and advice
• Comprehensive lifecycle management, automation and policy-based governance
• Proven VMware credentials underpinned by annual independent IT health check
• Proven VMware credentials underpinned by multiple VMware Partner awards

£50,000 a unit a month

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sovereignservices@rackspace.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

149176274607558

Contact

UK Sovereign Services
+44 (0)208 734 8107
sovereignservices@rackspace.co.uk

Service scope

• Software add-on or extension: No
• Cloud deployment model: Private cloud
• Service constraints: Minimum commit is required depending on the size of the platform specified.; ; Hardware and software utilised for Epic services must be selected from Epic's approved list
• System requirements:
  • Each environment is designed to customer & Epic specifications
  • Must be fully managed
  • Customer supplies the Epic licences

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 incidents are responded to within 15 minutes of the incident being logged, 24 hours a day, 7 days a week. Incidents are logged either by phone, email or the automated monitoring of infrastructure and applications. Full details of the service response targets for incidents, changes and requests can be found in the terms and conditions.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: No
• Support levels: Platform SLAs and response times apply.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Rackspace provides all new customers a ‘101’ introduction to the service, which includes an overview of the service level, including the support team functions, the monthly account review, service delivery team engagement, maintenance scheduling, change and escalation processes, monitoring portal, and the billing portal walk-throughs.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: Customers can transfer their data using VMware native tools.; Rackspace can provide project resources at additional cost to migrate workloads into or out of the platform.; Upon request, Rackspace can attach a portable device to customer’s servers. Customers are responsible for transferring data to the portal device and for ensuring personal data, sensitive personal data, and other types of sensitive data are appropriately protected (encryption).
• End-of-contract process: At the end of the contract, it will automatically roll over to a monthly cycle contract unless customer gives 30 days notice to terminate or renew their contract. Rackspace will inform the customer of the roll over taking effect and work with the customer to identify options to formally extend the contract or to initiate a termination as per the call-off contract agreement.; ; In case a customer wishes to terminate its contract, Rackspace agrees to plan, cooperate and provide exit assistance in good time to achieve a smooth transition of services with minimal disruption to customer’s operation and to continue to provide the services until transfer is complete. Additional fees would apply.

Using the service

• Web browser interface: Yes
• Supported browsers:
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari
• Application to install: Yes
• Compatible operating systems:
  • Android
  • IOS
  • Linux or Unix
  • MacOS
  • Windows
• Designed for use on mobile devices: Yes
• Differences between the mobile and desktop service: Epic's desktop client provides the full range of Epic functionality including comprehensive tools for managing patient records, scheduling, billing, clinical documentation, order entry, and more. A desktop client also offers a full-featured user interface, runs on Windows-based systems, and is used across all roles in the hospital setting.; ; The Epic mobile client (for mobile phones and tablets) is designed for a specific use case which supports the needs of healthcare workers whilst mobile. It offers more limited functionality and may include viewing schedules, accessing patient summaries, checking lab reports, and entering quick notes through a simplified user interface.
• Service interface: No
• User support accessibility: None or don’t know
• API: No
• Customisation available: Yes
• Description of customisation: We would support the platform customisation required to support the customer's customised Epic install (e.g. extra classroom environments, integrations, etc.).

Scaling

• Independence of resources: Strict monitoring and capacity planning procedures

Analytics

• Service usage metrics: Yes
• Metrics types: Concurrent users / sessions are measured. We also measure storage / latency / network performance from a platform perspective.
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Epic

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
  • Other
• Other data at rest protection approach: Data encryption is implemented as per the customer's requirements.
• Data sanitisation process: Yes
• Data sanitisation type: Explicit overwriting of storage before reallocation
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Data importing and exporting

• Data export approach: N/A to management of the Epic service. Configuration done at application level by the customer.
• Data export formats: Other
• Data import formats: Other

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Other
• Other protection between networks: PSN connectivity
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection within supplier network: Dedicated customer virtual networks (VLAN / VxLAN) are used to logically segment customers' networks. ; ; Firewalls protecting the customer from the Rackspace public network and from the Internet are implemented, configured and managed by experienced Internet security specialists according to the customer’s explicit requirements. Firewalls are configured with Access Command Lists (ACL), which prevent access to private internal IPs and deny access to all non-administrative ports.; ; For higher levels of assurance, Rackspace offers support using a PSN-accredited, secure management platform.

Availability and resilience

• Guaranteed availability: Support Request Response Times: Rackspace provides 15 minutes response time SLA for emergency and up to 4 hours for standard priority tickets. Should there be a failure to meet any SLA objectives, the Customer Success Manager will calculate the appropriate performance credit as per the contractual agreement, and complete the necessary internal approval process. Once approved, the credit is issued to the customer account and can be offset against pending or future invoice. A relevant ticket is also created and the credit note stored on the customer portal for long-term record keeping.
• Approach to resilience: Disaster recovery (DR) is typically provided via the OS / application level. Data can be replicated between environments running in different DCs via the OS / application tools.; ; Rackspace can provide multiple data centres per region in a majority of cases, utilising Rackspace sites, and/or cloud platforms such as Azure. Rackspace will work with customers to understand their disaster recovery / resilience requirements, and will architect a solution designed to meet the defined recovery time / point objectives.
• Outage reporting: Following a major incident, a customer may request an Incident Report from the Rackspace Customer Success Manager. This report will be delivered via email and contains a summary of the events that occurred, along with a root cause analysis and preventative actions.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google Apps)
  • Limited access network (for example PSN)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Other user authentication: HSCN
• Access restrictions in management interfaces and support channels: Customers do not have direct access to hypervisors. Rackspace access control policies are based on the principles of ‘least privilege’ and ‘segregation of duties'. Customer solutions reside on their own dedicated VLAN. Rackspace administrative access to dedicated customer solutions is performed via the Bastion Servers, which act as segregation points between the Rackspace corporate network and the customer environment. Access via the Rackspace Secure Management Environment is subject to stringent logging and auditing controls.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password

Audit information for users

• Access to user activity audit information: Users receive audit information on a regular basis
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Standards Institute (BSI)
• ISO/IEC 27001 accreditation date: 10/11/2023
• What the ISO/IEC 27001 doesn’t cover: Software development controls are excluded and some international office space is not in scope.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO/IEC 27017:2015
  • ISAE 3402 Type II / SOC
  • Public Services Network Service Connection
  • Public Services Network Service Provider
  • ISO/IEC 27018

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Cyber Essentials Plus; ISO 27017; ISO 27018; SOC 1/2/3
• Information security policies and processes: Rackspace’s Leadership Team has assigned lead responsibility for information security to the Chief Security Officer. The Chief Security Officer has reviewed and approved the information security management system (ISMS), which demonstrates the commitment to the establishment, implementation, operation, monitoring, review, maintenance and improvement of the ISMS. The Chief Security Officer collaborates with Rackspace Legal Counsel to monitor compliance with all local and national laws and regulations that apply to Rackspace.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Rackspace Sovereign Government Cloud utilises a UK sovereign support tooling and resource platform. All change / problem / incident management is via ITIL process.; ; Rackspace utilises technical change management to control changes to the shared infrastructure. Proposed technical changes are subject to Change Board approval according to defined thresholds.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability scans are performed on a quarterly basis at a minimum but can be run on-demand if required. Any vulnerabilities that may be identified will generate support tickets as part of the scan process. These tickets are alerted to the assigned Lead Engineer for management purposes and to ensure actions are carried out in a timely manner.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Rackspace Sovereign Epic Managed Hosting employs sophisticated software-defined service instrumentation and monitoring that integrates at the component or server level, the data centre edge, our network backbone, Internet exchange sites and at the user level. This provides visibility when a service disruption is occurring and pinpointing its cause.; ; Proactive monitoring continuously measures the performance of key subsystems of the services platform against the established boundaries for acceptable service performance and availability. When a threshold is reached, or an irregular event occurs, the monitoring system generates warnings so that operations staff can address the threshold or event.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Rackspace maintains formal incident response processes concerning both corporate network incidents and incidents affecting customer solutions. Incidents that affect more than one customer or Rackspace operations (enterprise-impacting) are managed from a centralised tool that provides alerting and escalation paths and procedures, communication procedures and command, control and communication across all Rackspace facilities.; ; Rackspace will work with you to institute a formal incident response plan for your environment. Rackspace can optionally provide a dedicated Intrusion Detection Service device with managed services for this purpose.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: Yes
• Connected networks: Public Services Network (PSN)

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Rackspace has committed to achieving net zero carbon emissions by 2045. This is five years ahead of the UN Paris Agreement on Climate Change ambition to limit the global warming of the planet to 1.5 degrees Celsius, compared to pre-industrial levels. We have begun the process of automating our large facilities with smart, energy-saving features. We have assembled a cross-functional team to define our ESG-related goals more clearly so we can better measure our impact in the future. We have also invested in and are deploying smart building automation systems in five locations globally and three data centres, both including London. These systems will drive reduced energy consumption in each of these locations, through building control systems that provide the ability to efficiently manage light, heat and cooling zones based on operational demand. Globally, one of our highest impact initiatives in 2024 is the move to a new corporate headquarters, which is estimated to reduce our footprint by around 80%.

  Covid-19 recovery

  We have evolved physical health programmes and developed new mental and emotional wellness programs to better serve and support our Rackers, as we recover from COVID. In addition, we began to look for ways we could help those organisations that support our communities. To that end, we initiated a company-wide donation match program, matching Racker donations to COVID-19 relief organisations and other non-profit organisations that provide valuable services and support to local communities. During this first two-week campaign, Rackspace and its employees donated more than £152,000 toward the COVID-19 relief efforts of over 360 organisations around the globe. We actively promote volunteering to support and fund-raise for charities and we offer a minimum 40 hours of paid volunteer time off annually.

  Tackling economic inequality

  At the core of every Racker is a drive to leave the world better than we found it, and we are passionate about giving back to our communities across the globe. While Rackers can leverage paid volunteer time off for any cause, our Rack Gives Back programme creates opportunities for Rackers to give our time and talent to others. As an example in 2022, we donated 21,000 hours and over £125,000 to charity.; One of the many examples of Rackspace tackling economic inequality are donations to local communities. When downsizing to a more workforce fitting global headquarters, Rackspace donated over 1,500 computer monitors, 2,000 chairs and hundreds of decks to local charities and schools. In 2022, Rackers (Rackspace employees) also donated over £20,000 24 food banks globally. ; The Rackspace Foundation takes a ‘place-based’ approach to community investment. Rather than focusing on a single cause across many geographic regions, we are committed to providing holistic support for the schools and students in our immediate neighbourhoods. For example, at our headquarters, we have adopted seven schools in San Antonio, where we fund important programs that help meet basic needs and give students a well-rounded education.

  Equal opportunity

  Having a diverse workforce – made up of team members who bring a wide variety of skills, abilities, experiences and perspectives – is essential to Rackspace’s success. We are committed to the principles of equal employment opportunity, inclusion and respect. We do not tolerate discrimination against anyone – team members, customers, business partners, or other stakeholders – on the basis of race, colour, religion, national origin, sex (including pregnancy), age, disability, sexual orientation, gender identity, marital status, past or present military service, or any other status protected by the laws or regulations in the locations where we operate. We provide equal employment opportunity to everyone who is legally authorised to work in the applicable country. We provide reasonable accommodations to individuals with disabilities and removes any artificial barriers to success.; Rackspace has also introduced a number of initiatives to help working parents and allow the sometimes disadvantaged to thrive in our workplace with flexible hours and other support specifically designed for working parents.

  Wellbeing

  Rackspace has a number of wellbeing programs in place to keep our teams healthy. We have invested in this area additionally over the COVID period, since it is widely viewed that the isolation introduced through lockdown has introduced new challenges for some of our teams. We offer a comprehensive employee assistance programme (EAP) providing Rackers with access to confidential professional support with any of the following challenges: depression, anxiety and mental health, family or relationship problems, improving work life balance, financial or legal problems, child or elder care challenges. We have a monthly wellbeing challenge ('The Racker Recharge'), which is a fun competition with a small prize focused on a particular area of wellbeing. The purpose of the challenge is to build awareness of heathy practices and build good habits in our teams. As an example, March’s challenge was on nutrition, hydration and sleep. ; One of our core values is compassion – we are one team doing the right thing for our customers, communities and each other. In many of our locations we offer discounted membership to local gyms to allow Rackers to keep their bodies as fit as their brains.

Pricing

• Price: £50,000 a unit a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sovereignservices@rackspace.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.