Desk Top Publishing Micro Systems Limited

DTP Backup & Disaster Recovery as a Service powered by Oriium

DTP Backup & DR as a Service is an Enterprise-grade backup and disaster recovery service supporting data centre, multi-cloud, SaaS and hybrid environments. Our service provides flexible, powerful, highly-configurable data management solutions enabling protection and recovery of your data and systems.

Features

• Protection of virtual machines, applications (including cloud), databases, endpoints, files
• Recovery of virtual machines, applications (including cloud), databases, endpoints, files
• Comprehensive Data Management
• Scalable SaaS based platform
• Managed service with 24/7 Support
• Public cloud protection
• Retain copies of protected data in one or multiple locations.
• Migration of workloads from on-premises to cloud, or between clouds
• Disaster Recovery and Business Continuity
• Flexible billing options

Benefits

• Policy-driven automation, monitoring, and reporting; no cumbersome scripts required.
• Customised backup schedules to meet any SLA
• Deduplicated data for more efficient data transmission
• Auto-discovery provides proactive protection of newly added datasets
• Customized retention for recovery and compliance
• Configurable encryption both at-rest and in-transit
• Recovery of entire system, instance, or application
• Granular single file recovery
• Recovery in-place to same location or out-of-place to different location
• Data portability between clouds

£10.25 a virtual machine a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@dtpgroup.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

175239654425725

Contact

Howard Hall
0113 276 0210
tenders@dtpgroup.co.uk

Service scope

• Service constraints: N/A
• System requirements: Bespoke as per customer environment and customer requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Request Priority - Response Time - Target Resolution/Workaround:; ; 1 (Critical) - 1 Hour - 24 Hours ; 2 (High) - 4 Hours - 72 Hours ; 3 (Medium) - 1 business Day - 20 Days ; 4 (Low) 3 Business Days - N/A
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: As per Service Level Agreement
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: The service is fully managed so there is minimal training required. At the scoping stage we will identify any training requirements. Training is provided as part of the service onboarding process, if required.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Data can be restored into a customers compatible storage location of choice. We can also transfer data onto removable media provided by the customer.
• End-of-contract process: Prior to the end of the contract the client will be provided with any relevant extension and renewal options.

Using the service

• Web browser interface: Yes
• Using the web interface: Users can use the HTML5 web console to perform all data management functions, including the initial setup and configuration of applications in scope for backup and disaster recovery. A tenant is initially set up and represents a customer environment. Users will push agent installations through the console followed with an initial configuration of service accounts (if needed) and a definition of content in scope for backup. These data sets are associated with a plan, which defines the number of data copies, retention and recovery point objects.; ; Changes to the scope of the solution is made within the web console, including adding instances for data protection.
• Web interface accessibility standard: None or don’t know
• How the web interface is accessible: Web interface is accessible via standard internet browser and included accessibility controls.
• Web interface accessibility testing: None.
• API: Yes
• What users can and can't do using the API: All functions that are available within the web console can be accessed through a dedicated REST API.
• API automation tools:
  • Ansible
  • Chef
• API documentation: Yes
• API documentation formats: HTML
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Shared resources, such as the management interface and associated components, are ‘right-sized’ to ensure that the total user account within the system can perform the prescribed functions of the platform.; ; Dedicated resources, such as backup appliances, for customers will not affect other customers.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: ORIIUM Consulting Limited

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest:
  • Encryption of all physical media
  • Scale, obfuscating techniques, or data storage sharding
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual Machines
  • Physical Servers
  • M365 Users (Sharepoint, OneDrive and Exchange)
  • Salesforce Users
  • Public cloud workloads
• Backup controls: Additional workloads can typically be added by raising a ticket via the service desk. The customer's authorised administrators may also make configuration changes via the web portal.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery:
  • Users can recover backups themselves, for example through a web interface
  • Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • Other
• Other protection between networks: All backup data is encrypted with the AES cipher and a 256-bit key. This encryption is maintained throughout the entire data flow (in transit and at rest). The encryption keys are stored in a database on the Commvault management server, and are themselves encrypted with a key encryption algorithm. Use and access to the keys is controlled and audited. The key encryption process, along with the whole Commvault cryptographic module, is certified by FIPS 140-2.
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: The Supplier will use reasonable endeavours to ensure that the availability of the Cloud Platform and Suppliers Cloud Target in a given Calendar Month equals the applicable availability commitment. To define availability, the Supplier monitors a number of service elements. If the availability of the Service is less than the associated availability commitment, the Customer or Billing Agent may request service credits for the Service within 30 Calendar Days of receiving the availability report from the Supplier.; ; KPI Metric Target - Service Level; Cloud Platform Availability Monthly* 99.9% ; Cloud Target Availability (Disaster Recovery) Monthly* 99.9% ; Cloud Target Availability (Single Site Storage) Monthly* 99.5% ; Cloud Target Availability (Replicated Storage) Monthly* 99.9%
• Approach to resilience: Geographically diverse UK based tier 3 enhanced data centres in use – further details can be provided on request.
• Outage reporting: Service outages are reported to end users via both a public dashboard (user subscribed) and also email alerts.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Management interfaces are strictly controlled. Access requires a VPN client with 2FA to the Management system. Access to the Management Application then uses role based access and 2FA. Management tools are then only delivered as required by the user's role so they do not have access to tools they are not approved to use. Support channels are available by role based access and 2FA.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: You control when users can access audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: At least 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 11/08/2021
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: NHS Data Security and Protection Toolkit

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: NHS Data Security and Protection Toolkit (formerly IG Toolkit) - ODS code 8JF02.; Cyber Essentials Plus.
• Information security policies and processes: All of our policies and processes are available in Sharepoint for all of our staff to view and carry a reference number, such as OP0001 Oriium Information Security Management Policy or OP0020 Unattended Equipment and Clear Desk Policy. Job descriptions explicitly define which policies staff members must comply with. Processes are designed to comply with Policies and these are audited internally and by a qualified external body. We have a defined Security Incident Management System and procedures so any security incidents such as a failure to follow a process can be reported by all staff members. All incidents are managed and improvements made where needed, training given or disciplinary procedures followed for serious neglect or where malicious action has been taken by a staff member.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configurations are held in an asset management application and managed through a Change Process with the CAB sitting twice a week. The CAB members consist of Senior management as well as Architects and technical staff. All Changes are reviewed at the CAB and security is discussed and reviewed before a change can be approved. Every change requires Management and Technical approval before it can be approved.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We have defined security feeds from our Suppliers and Vendors and review the latest information from trusted sources such as ncsc.gov.uk. We have a team called the Security Forum consisting of Senior managers and technical experts who ensure that security matters are managed and prioritised. A security threat is assessed and the appropriate action taken depending on the severity score of the assessed threat. This may mean that systems receive patches within hours if the risk assessment score is high enough.
• Protective monitoring type: Undisclosed
• Protective monitoring approach: We use a tool to monitor all aspects of the service such as component health (CPU utilisation, Disk latency, etc) as well as software functions (Web response times). All devices have a Monitoring Configuration Profile which ensures a minimum set of attributes are monitored. Realtime alerts are provided to defined staff members including senior management. The alerts are 24/7 and actioned depending on severity. The Alerts can be critical i.e. something has failed or proactive i.e. Web response times are increasing but the service is still within SLA, allowing us to proactively manage the incident before an SLA is breached.
• Incident management type: Undisclosed
• Incident management approach: Incidents can be reported by users via the telephone, the incident management system or via email. We encourage telephone contact for all Major and Priority Incidents. Incidents will also be reported from other areas such as Proactive Monitoring. Incident reports are provided for Major Incidents. We have pre-defined processes for troubleshooting common events.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: The Commvault platform includes a multi-tenant feature that ensures customer environments are separated. This includes access, whereby identity providers are specified per customer. Also, unique encryption keys are employed per customer to ensure data cannot be accessed by other tenants.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The Tier 3 Data Centres used to underpin the service are committed to continually improving their energy efficiency in line with the Code of Conduct for Data Centres Energy Efficiency, and each have in place proactive management and measurement programmes in order to achieve this. Further information is available on request.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  DTP takes its role as an environmental steward extremely seriously and is well advanced towards its target of being a Carbon Neutral organisation by the end of 2024.; ; DTP has invested significantly into achieving this for the last decade, with its own packaging re-cycling plant, and education and in-office recycling programs that mean that we have not been sending anything to landfill since well before the CV19 pandemic, combined with a hybrid vehicle policy and the creation and use of renewable utilities in terms of solar and the purchase of power from renewable sources. All of which are part of our ISO14001 accreditation, and have been recognised by multiple awards in this area over a number of years.; ; DTP as well as focusing on its own carbon footprint also works with clients to help them on their own initiatives and carbon neutral journeys, and provides consultancy services and carbon offset services as part of our offering, whereby a client who subscribes to a product or service for a period, its carbon footprint covering manufacture, distribution, usage and environmental disposal can be offset, which is achieved via UK tree planting, within new forests in the Scottish Borders and the Lake District, and other initiatives such as a UK Seaweed Farm, with Seaweed growing much faster so sequestering higher levels of Carbon. These offset services can be purchased as an annual certified service or for the planned duration of any contracted period.; ; DTP has also hosted many client and user events to promote best practice in the area of environmental stewardship, with lectures for students, roundtables as part of events such as Leeds Digital Festival, and webinars for clients, all of which have been well received.

  Covid-19 recovery

  DTP has done a massive amount of work with clients and the wider community in terms of voluntary activities in supporting them during and through the CV19 pandemic.; ; As an organisation with a wide focus in terms of the technologies and services we provide to clients we have been at the forefront of providing devices and wrap around services that has allowed our clients to move to initially remote, and more recently hybrid working and teaching, not only for staff and students, but also other initiatives around supporting underprivileged students with the means to continue their studies by providing compute and connectivity solutions as subsidised rates.; ; As well as access to functionality for staff and students we were also heavily involved in governance and business continuity related projects during the early stages of the pandemic, helping clients with their back up, recovery and disaster recovery policies and the technology and expertise that underpins these. We have also worked with clients as part of this to refine their security as well, including anti-ransomware services and solutions.; ; Outside of work related CV19 activities we have also supported our local communities in terms of food banks, providing volunteer support, and also bulk product in terms of anti-bacterial wipes to be part of food parcels, and also in the early stage of the pandemic providing these also to university student cohorts, which has resulted in us donating over 1m packs of anti-bacterial wipes. ; ; As we move out of the pandemic we are working closely with clients to enhance their ability to maintain their position as hybrid working and teaching environments, implementing cloud based solutions such as collaborative working, desk booking and meeting room booking, as well as technologies that allow for hybrid meetings – with participants at home or in the office.

  Tackling economic inequality

  As an SME ourselves we understand the importance of economic equality, especially as our two Leeds Centres are based in less prosperous areas, namely Hunslet and Holbeck.; Also as a small business working in the area of IT we realise that we cannot always compete for new staff in todays era of the Great Resignation, and with the IT sector growing at an exponential rate, we have to look at alternative and a mixture of ways to bring new talent into the business, and retain existing talent.; We also have to recognise that certain demographics are more likely to struggle in todays world, especially young people and those on lower incomes, and we have focused on bringing in talent from both areas into roles where they can gain a foothold on the employment ladder, and have a roadmap for progression, and hopefully the flexibility to allow groups such as single parents to be able to progress without it adding further pressure to what can be already challenging balancing acts in terms of working/living. ; DTP also monitors the cost of living and its baring on those entry level, part time and lower level rolls, and especially utility prices within the current economic situation, with us able to support as appropriate which we believe will be particularly relevant this coming winter.

  Equal opportunity

  DTP heavily committed to promoting diversity within it workforce, and ensuring we have diversity friendly policies and approaches to all aspects of our operations. DTP has put in place specific initiatives geared towards the training and advancement around gender inequality, with the target of promoting specific traditionally male orientated roles to a more diverse community. These include sales, technical and management at all levels within the business.; If any specific targets are needed to be put in place for individual customers these will be agreed with each customer at contract commencement, such as targeted training, work placement targets, or apprenticeships as required.

  Wellbeing

  Wellness in the workplace is a key DTP focus area, even prior to the CV19 pandemic we had put in place the structure, training and resources through a team of DTP Mental Health First Aiders, who as well as an employees line manager can be the first point of contact when an employee is struggling with a wellness issue or concern.; During CV19 we doubled down on wellness support as we realised that although working from home was convenient, it was not always the best working practice for some employees optimum wellness, and as such we put in extra measures including anonymous contacts for issues/concerns, and more sign posting support to the correct support or resolver resource whether that be DTP or external.; DTP also became a launch member of This is Me Yorkshire when it launched at the end of Lockdown 1.0, and which is a charity focused on ending any stigma around wellness issues within the workplace. This is Me Yorkshire (TiM) is aligned to the national This is Me network and focuses on creating content covering senior managers and business owners own mental health and wellness journeys, to show that if your bosses can talk about their mental health then it is safe for employees to do so also. TiM also focuses on storey telling support for people wanting to be articulate their own journey and of course sign posting materials and events that promote wellness in the workplace.; DTP has also run a number of wellness in the workplace events for both staff and customers, including webinars and round table events to promote best practice and top tips around wellness – whether individually or for the organisation.

Pricing

• Price: £10.25 a virtual machine a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: Trials are usually in place for a 2-4 week period, but if justified other periods may be possible by mutual agreement.

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at tenders@dtpgroup.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.