brightsolid online innovation Ltd.

Brightsolid Cloud

Brightsolid Cloud delivers a secure cloud platform, featuring a self-service portal that offers immediate availability, lightning-fast deployment, unrivalled flexibility and comprehensive security that will help you drive your digital transformation journey.

Features

• Cost-Effective Cloud Hosting
• Elastic Virtual Data Centres
• Self-Service Portal
• Self-Service Reporting
• Straightforward monthly billing
• On-demand scaling
• Advanced security features
• Immutable data protection
• Integrated disaster recovery
• 24/7 service desk with specialist knowledge and expertise

Benefits

• Provision services instantly, as and when required
• Full control of your cloud infrastructure
• Comprehensive insights on the performance, availability, and utilisation
• Predictable and transparent monthly costs
• Scale resources effortlessly to meet changing demands
• Fully secure environment
• Data cannot be altered accidentally or by malicious attackers.​
• Data resides exclusively in the UK
• Monitored and protected round the clock

£25 a virtual machine a month

• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alan.gardiner@brightsolid.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

160715214689818

Contact

Alan Gardiner
07932710727
alan.gardiner@brightsolid.com

Service scope

• Service constraints: N/A
• System requirements: N/A

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: SLAs as low as 1 hour during the week and at weekends.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: We have three levels of support - Essential, Advanced and Complete - covering Infrastructure Management​, Virtual Server Management​, Managed Security​, Managed Network​, IT Service Management Reporting, Physical Server Management​, Advanced Firewall Management​, Advanced Network Management​, Advanced Security Management​​, FinOps Cloud Optimisation​, Software License Management​ and Multi-Cloud Billing​. Costs depend on the size and complexity of your infrastructure, however the Essential service is included for free with all Brightsolid Cloud instances.; ; Cloud, security and network engineers provide the support, working alongside a dedicated customer success manager.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: It's a fully managed service supported by online training and full user documentation.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: We use Zerto as a data extraction tool. Customers have full access and control of their data at all times.
• End-of-contract process: Customers are able to remove data and decommission environments themselves. Any support required is charged at standard rates.

Using the service

• Web browser interface: Yes
• Using the web interface: Full access, visibility and control of the environment including creating a cloud instance and adding and managing virtual machines
• Web interface accessibility standard: WCAG 2.1 AAA
• Web interface accessibility testing: N/A
• API: Yes
• What users can and can't do using the API: Users are able to programmatically manage every aspect of their cloud infrastructure using modern deployment tools.​
• API automation tools:
  • Ansible
  • Chef
  • SaltStack
  • Terraform
  • Other
• API documentation: Yes
• API documentation formats:
  • Open API (also known as Swagger)
  • HTML
  • ODF
  • PDF
  • Other
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
• Using the command line interface: Tenant/Account Management and Provisioning; ; Deploy, modify, and manage virtual machines; Deploy, modify, and manage Networking; ; Deploy, modify, and manage tenant storage; ; Deploy, modify, and manage tenant firewalls and Security; ; Retrieve performance metrics and monitoring data for VMs and other resources.; ; Manage backup policies of our integrated backup solutions.

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Customer tenants are isolated from one another though the implementation of the following controls:; ; • User access control isolation via independent identity providers.; • Compute processing with ringfenced resource isolation.; • Network resource isolation via software defined networking policy.; • Storage performance via physical or policy defined isolation.; • Security via physical device assignment or horizontally scaled micro-segmentation.
• Usage notifications: Yes
• Usage reporting:
  • API
  • Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least every 6 months
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Immutable data back ups
  • Back ups for files and VMs
  • User controlled back ups
  • User controlled recovery
• Backup controls: Users have full control over what is backed up and when. Schedules can be set for different items and there is complete visibility on the status of each back up.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
  • Other
• Other protection between networks: Zero Trust Network Access
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: We have a 100% up time guarantee backed by service credits.
• Approach to resilience: A full resilience overview is available on request.
• Outage reporting: Outages are reported directly to any customers affected via their dashboard and email.

Identity and authentication

• User authentication: 2-factor authentication
• Access restrictions in management interfaces and support channels: As well as 2 factor authentication, user roles and access are tightly defined and controlled at all times.
• Access restriction testing frequency: At least every 6 months
• Management access authentication: 2-factor authentication
• Devices users manage the service through: Dedicated device on a segregated network (providers own provision)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau
• ISO/IEC 27001 accreditation date: 12/12/23
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • ISO14001
  • ISO9001
  • ISO22301

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Brightsolid is aligned to the Government Security Policy Framework, is ISO 27001 certified and has Cyber Essentials Plus. We also have our own Security Operations Centre.; ; Security is a board level issue with our CTO and Director of Compliance and Risk giving monthly updates on any issues and actions required.; ; Every member of staff, including the board, undertake quarterly security training.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Brightsolid has documented configuration, change and incident management processes and is ISO 27001 certified. We conduct regular internal and external vulnerability scans, and our infrastructure is monitored 24/7 by our in-house SOC
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Our cloud infrastructure follows the principle of security by design and adheres to the NCSC 14 Cloud Security Principles ensuring that security controls are built into every layer of our architecture. ; ; We have our own 24/7 Security Operations Centre which proactively monitors our environment, deploys patches and continually assesses and updates our understanding of the threat landscape. We conduct weekly vulnerability scans of our assets to look for misconfigurations and to ensure there are no missing security patches. Patches are deployed via a patch management system and follow strict patching schedules. All patches are installed within 14 days of release.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: Our infrastructure is continuously monitored 24/7 by our in-house Security Operations Centre. As well as logging and monitoring, the SOC conducts regular manual and automated threat hunting activities. All security logging data is kept for a minimum of 90 days. The SOC capability ensures efficient and timely detection and response to any cyber security incident.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: We follow a robust and clear incident management process which is designed to address quickly any issues impacting the services we provide caused by faults, security issues or physical security breaches. ; ; Users can report incidents via a ticket or directly to our support desk, with all incidents managed by our Incident Management Team through to closure. ; ; A customer's control panel highlight any incident and its status, and we provide a full incident report to each customer affected.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: • Independent per tenant identity providers.; • Compute with ringfenced resource isolation.; • Network resource isolation via software defined networking policy.; • Storage performance via physical and/or policy defined isolation with Data Encryption at Rest.; • Security via physical or virtual device assignment.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Brightsolid’s Tier III designed data centres in Aberdeen and Dundee are powered by 100% renewable clean electricity that is generated by a combination of wind and hydro assets, and is fully backed by Renewable Energy Guarantees of Origin (REGOs) and verified by EcoAct, a CDP Accredited Provider. ; ; The location of Brightsolid’s data centres in Aberdeen and Dundee allows customers to take advantage of free air cooling. Brightsolid’s data centres take outside air that is already at or below the temperature required to cool IT equipment and circulate it within the data centres. Even during the warm summer months the data centres can be cooled using free air cooling. ; ; Hot and cold aisle containment is used to improve airflow and reduce energy consumption. Hot aisle containment uses the natural properties of warm air rising to extract air from the top of the rack, rather than the rear of the rack. Cold aisle containment is used with doors at the end of each aisle and partitions on the ceiling that act as physical barrier to contain the supply of cold air. ; ; Across both data centres, blanking plates within racks and floor brushes are used to improve overall airflow and reduce energy consumption.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality

  Fighting climate change

  Brightsolid’s Tier III designed data centres in Aberdeen and Dundee are powered by 100% renewable clean electricity that is generated by a combination of wind and hydro assets, and is fully backed by Renewable Energy Guarantees of Origin (REGOs) and verified by EcoAct, a CDP Accredited Provider. ; ; The location of Brightsolid’s data centres in Aberdeen and Dundee allows customers to take advantage of free air cooling. Brightsolid’s data centres take outside air that is already at or below the temperature required to cool IT equipment and circulate it within the data centres. Even during the warm summer months the data centres can be cooled using free air cooling. ; ; Hot and cold aisle containment is used to improve airflow and reduce energy consumption. Hot aisle containment uses the natural properties of warm air rising to extract air from the top of the rack, rather than the rear of the rack. Cold aisle containment is used with doors at the end of each aisle and partitions on the ceiling that act as physical barrier to contain the supply of cold air. Across both data centres, blanking plates within racks and floor brushes are used to improve overall airflow and reduce energy consumption.

  Tackling economic inequality

  We provide a hugely discounted Community Cloud via our two Scottish data centres; Dundee and Aberdeen, to local community-based organisations. Benefits of the service include: ; ; Cost savings and predictable billing for organisations ; ; Significant reduction in energy costs ; ; Cap-Ex free computing ; ; Increased agility, and the ability to deliver projects more quickly ; ; The ability to foster and drive innovation ; ; The ability to scale as required, in order to drive economic growth and meet customer needs ; ; Improved resource utilisation ; ; Simplified maintenance and lower associated costs ; ; Resiliency and redundancy to provide reassurance around continuity of service ; ; We support Dundee Bairns, a local charity that has provided over 300,000 meals in the past year to the area’s most vulnerable children. We undertake a range of fundraising activities throughout the year and whatever money staff raise is matched by the organisation.

Pricing

• Price: £25 a virtual machine a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: We offer a one month proof of concept, fully functioning trial for new customers.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at alan.gardiner@brightsolid.com. Tell them what format you need. It will help if you say what assistive technology you use.