Addooco

Virtual Server Hosting

Addooco’s Clear Skies platform is built across an array of self-owned infrastructure, incorporating multiple layers of redundancy with automated failover. This model ensures there is no supply chain. Engineered for performance and delivered by an accessible team our platform can be readily tailored to meet even the most demanding needs.

Features

• Redundant and High availability infrastructure
• Gigabit direct connections available for direct access from your locations
• All flash storage for superior performance
• Dedicated virtual firewall
• All data stored within the UK
• Separate development and live environments for testing/training
• Migration and design consultancy available as required per project
• Enterprise performance and security with all hardware refreshed tri-annually

Benefits

• Static pricing by consumption, ensures tight/predictable monthly costs
• Can replace all internal server infrastructure replacing any capex
• Enable staff to access all information anywhere/any device/anytime
• UK support team available via; phone, email in person 24-7
• Facilitate remote working effectively and rapidly
• Per user, per month pricing available as appropriate improving ROI
• Online portal access
• Virtual machine templates for out of box experience

£250 to £1,000 a virtual machine a month

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pw@addooco.it. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

157802097829660

Contact

Paul Walters
01246 887887
pw@addooco.it

Service scope

• Service constraints: Monthly updates programme to be agreed upon contract
• System requirements: Enterprise or Professional Operating System

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Monday - Friday 8am-6pm - Support tickets responded in line with SLA definitions; Evening & weekend emergency out of hours support available
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Each customer has a dedicated account manager, however, all staff are capable of supporting each customer. Our support levels are flexible to meet the needs of the client. Standard support hours are 8am-6pm Monday - Friday. We have three tiers of support; Platinum, Gold & Silver, that have different SLA target times. Please see pricing framework for further details. Addooco has a clearly defined per unit per month pricing schedule.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: Initial queries will be directed to the sales team. This aims to gather the full scope of requirements. The client will then be directed to a technical engineer for further consultation. Our services are flexible to meet the needs of the client. We can offer onsite training and user documentation where required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Users will be able to define what form their data is required at the start of the contract. Upon the end of the contract users can contact support to arrange the data extraction.
• End-of-contract process: At the end of the contract, the VM will be decommissioned and any data held handed over to the client as per the agreement. There are no additional costs for this service.

Using the service

• Web browser interface: Yes
• Using the web interface: Users have full access to the virtual infrastructure, permissions can be controlled as required at a granular level. Changes can be made to: storage, memory, processing power and other features.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Accessible through HTTPS secured connection
• Web interface accessibility testing: None
• API: Yes
• What users can and can't do using the API: Users can manage and monitor their virtual infrastructure by creating a user within their UI. There is further documentation available on how to utilise the API.
• API automation tools: OpenStack
• API documentation: Yes
• API documentation formats: PDF
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Capacity is closely monitored via monitoring software and during scheduled maintenance checks
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Staff screening not performed
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: In-house
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • Databases
  • Files
  • Email
  • Accountancy
  • Desktop
• Backup controls: Through the on boarding process, customers will be asked to define the backup schedule in conjunction with an Addooco engineer.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Guaranteed 99.95% uptime. Users are refunded based upon downtime period in line with SLA documentation.
• Approach to resilience: Technical architecture is available on request following NDA process. This can be briefly summarised as all infrastructure components and connectivity have multiple levels of redundancy. This is further enhanced by the environmental systems protection (power and cooling) provided by the datacentre operator.
• Outage reporting: Our current platform delivers email reporting for minor issues, major issues would be dealt with by a named support contact and direct phone communication.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: The nature of our clients hosting environments being unique dictates there is not a '1 size fits all' answer here. The restrictions and controls we have in place are defined during a scoping session before solution launch and always adhere to those outlined in our ISO 27001 policies.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: NQA
• ISO/IEC 27001 accreditation date: 26/09/2022
• What the ISO/IEC 27001 doesn’t cover: Scope covers the business as a whole
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Addooco’s Information Security Policy demonstrates the direction and commitment of the company to information security in order to protect its own information assets and assets belonging to clients. Addooco will develop and maintain an effective, documented Information Security Management System (ISMS) based on the requirements of ISO 27001 to ensure that we have a documented method of control that protects Addooco, its customers and stakeholders. ; It is our policy to ensure that:; • Information will be protected against unauthorised access; • Confidentiality of information will be assured ; • Integrity of information will be maintained; • Information Security Objectives are set by management in line with our company SMARTER approach.; • Statutory and regulatory legislative requirements will be met; • Business Continuity plans will be produced, maintained and tested; • Information security training will be available to all employees; • All breaches of information security, actual or suspected, will be reported to and investigated by the Information Security Officer

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Change control is managed by the team and must go through the programme manager of the development. This change control will be documented within a project. Whether this is one task or a phase of a project will be dependent upon complexity of the changes to be made and again this will be defined for each change made to the development. Technical reviews will be run as and when deemed a requirement by the management team in the development lifecycle.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Threats take many forms and with each environment being bespoke to the client we must assess on a case by case basis.; ; All patches provided by software developers such as Microsoft Windows updates are tested on separate development prior to deployment. Assuming successful validation we will deploy within 7 days of release.; ; We believe education of the end users to protect against social engineering techniques are just as important as technical solutions these days.; ; Our knowledge about threats is provided by trusted industry sources and by the experience of securing a wide variety of client environments.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: All servers that publish services directly to the public internet are hosted behind dedicated virtual firewalls. These firewalls run IPS services that report in real time to our monitoring platform about any threats.; ; Depending on the threat identified a range of measures can be deployed from simply blocking the attacking IP, through to temporarily closing that attack vector (port/protocol) whilst the software being run on the virtual server is updated by the software supplier.; ; We would expect any suspect traffic pattern to be flagged immediately and responded to by a member of our support team.
• Incident management type: Supplier-defined controls
• Incident management approach: OPS008 is our internal documentation that handles incident management and forms part of the Addooco management system. This document is integral to our ISO 27001 accreditation. Once appropriate NDAs are in place we are happy to share this internal document.; ; This can be briefly summarised as an incident will either be reported by an end user via the helpdesk or through our monitoring. Depending on the incident type will depend on the escalation path. Major incidents will be in the hands of senior management within 10 minutes of occuring at which point appropriate resource will be coordinated and delivered.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: KVM hypervisor
• How shared infrastructure is kept separate: Virtual machine strorage is segregated by client.; All client LAN traffic is separated by client dedicated VLANs.; Internet facing servers are protected via a dedicated firewall.; All administration is performed in adherence to our ISO 9001 and 27001 accreditations.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Industry experts recommend encouraging first and foremost efficient use of IT devices, as they can turnover quickly and deliver rapid improvements. Telehouse provide a wide portfolio of energy efficient hardware.; Data centers with free cooling, lowering Power Usage Effectiveness (PUE); Buying low-carbon electricity powering the data center ; Use of energy efficient lighting systems throughout the data center; Cold aisle containment employed to improve cooling efficiency; Adiabatic cooling used to adjust the airflow to control temperature; Variable speed pumping systems used in our chillers, fans and UPS filter drives; High power Busbars used for the safe and efficient distribution of electricity; Energy monitoring systems to identify supply and deviation

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Addooco are certified PAS2060 carbon neutral. All of our services are delivered net neutral.

Pricing

• Price: £250 to £1,000 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pw@addooco.it. Tell them what format you need. It will help if you say what assistive technology you use.