Moriyama

Microsoft Azure Hosting

Azure Cloud Hosting services, including shared or dedicated virtual private machines, dual dedicated servers, load balanced hosting provision, with 24/7 uptime monitoring and more.

Features

• Dedicated VPM
• Load Balancing
• 24/7 Up-time monitoring
• Scalable Environments

Benefits

• Flexible
• Powerful API layer
• Multiple Environment support
• Forms
• Deploy
• Clone and Reuse projects

£358 to £7,800 an instance a year

• Education pricing available

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@moriyama.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

177696110347393

Contact

Thuy Tran
+44 (0)203 745 4285
info@moriyama.co.uk

Service scope

• Service constraints: N/A
• System requirements: Umbraco

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Our response times vary depending on the severity of the incident, as indicated below:; ; - P1: 0.5 working hours; - P2: 2 working hours; - P3: 4 working hours; - P4: 8 working hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Shared hosting for two sites (Production and Staging); Dedicated Production site hosting with shared Staging site hosting
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Moriyama would always recommend a Health Check to ensure we can access the codebase we are inheriting and identify any additional actions that may be required in order for your website to be supported by Moriyama and to provide a baseline understanding of your code. Moriyama's onboarding process enables our Umbraco specialist development team to gain access to your source code and to set your project up in our CI/CD pipeline to ensure we can support, maintain and deploy to your site. Our onboarding process also ensures new clients and the Moriyama team become familiar with each other, to establish ways of working, and to get our partnership off to the best start.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: To make sure your migration away from Moriyama is a smooth as possible we will endeavour to respond to any requests in a timely manner. ; Any offboarding tasks will be treated as support tasks and will draw down on support hours, however if these requests come in after the support contract ends or the current number of support hours are all used up there will be a charge incurred.; ; Offboarding requests can include, but are not limited to:; • Providing backups of source code; • Providing backups of databases used by production sites; • Liaising with your new agency to transfer relevant hosting details where applicable.; We are more than happy to liaise directly with your new agency if this makes things easier and can provide updates on how much time has been spent so you are fully aware of the requests and tasks.; ; As part of our standard data retention policy, your source code and data will be retained for 6 months from the end of your final support contract before they are removed from our records. If you would like us to destroy any data sooner, please just let us know.
• End-of-contract process: In addition to the end of contract deletion and data extraction, activities referenced in the earlier question, Moriyama's client engagement strategy will include the following activities as we near the end of the contract, to ensure any exiting clients leave us well:; - Establish whether the contract will renew at least months ahead of end of term.; - Engagement with the client to capture feedback, conduct exit interviews.; - Agree specific end of contract actions such as, deletion of any confidential data or documentation and revoke access to any client systems or software.; - Liaise with and handover to new supplier as needed.; - Provide an end of contract commercial summary.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: Dependant on tier selected
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft Azure

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Baseline Personnel Security Standard (BPSS)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Website files
  • Website database
  • Virtual Machines
• Backup controls: They have no control and need to raise a support ticket for this request
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: TLS (version 1.2 or above)
• Data protection within supplier network: TLS (version 1.2 or above)

Availability and resilience

• Guaranteed availability: We benefit from the enhanced SLA Microsoft Azure offers with >99.95% ability, and we extend those benefits to our clients.; Whilst we do not currently offer service credits, any issues are explored individually with clients on a case for case basis, and we can agree redress actions where necessary.
• Approach to resilience: Available on request
• Outage reporting: Automated email alerts to mailboxes monitored by multiple senior Moriyama team members.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Moriyama employ principle of zero access and were access is needed for management interfaces and support channels this is granted on a named individual basis. ; Access credentials are stored and obfuscated using a password management platform which utilises dual key and MFA to authenticate user requests. ; Access to client platforms and channels is revoked when no longer needed and/or upon immediate request from a client.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 6 months and 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: No
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: No
• Security governance approach: N/A
• Information security policies and processes: The IT security policy of Moriyama is designed to safeguard company and client data through comprehensive access controls, data protection measures, physical security guidelines, network security practices, incident response protocols, and compliance standards.; ; Access Controls emphasize strong password practices, including length and complexity, with regular changes every 90 days. Multi-factor authentication is mandated for cloud services and remote access. Access is granted based on necessity, following the principle of least privilege, and promptly revoked upon an employee's departure.; ; Data Protection mandates secure storage on approved cloud platforms with encryption at rest and in transit, automated encrypted backups stored offsite. Physical Security guidelines require vigilance with devices containing sensitive data and secure storage of documents.; ; Network Security requires firewalls, updated antivirus software, and prompt security patching. Security Incidents must be reported immediately for investigation, with forensic analysis and appropriate measures to prevent further damage. Breaches are reported to clients and authorities as required by law.; ; Policy Compliance demands employee acknowledgment and adherence, with regular policy reviews to address evolving regulations and technology. Violations may lead to disciplinary measures.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Available upon request
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Available upon request
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Available on request
• Incident management type: Supplier-defined controls
• Incident management approach: The incident response process involves:; ; Incident Identification: Use security monitoring tools, anomaly detection, error reports, or employee/client reports to identify incidents.; Assessment and Containment: Investigate and isolate affected systems to prevent further damage or access.; Eradication and Recovery: Remove malicious elements, reset compromised credentials, and restore systems from clean backups.; Post-Incident Analysis: Determine root causes, extent of compromise, and implement preventive measures.; Notification and Reporting: Inform affected parties, report cyber-attacks to law enforcement, and notify regulators if required.; Return to Normal Operations: Monitor systems, share lessons learned, resume operations, and provide additional security training if necessary.

Secure development

• Approach to secure software development best practice: Conforms to a recognised standard, but self-assessed

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Moriyama are committed to fighting climate change and view this as one of the most serious threats humanity currently faces. We support this through a number of elements: 1. Remote working - we are predominantly remote-based, with the team working from home and meeting up occasionally for team workshops and planning sessions, around once per quarter. This means our carbon emissions are greatly reduced by our lack of need to travel to an office space. 2. Travel choices - where we do need to travel for client or team meetings, we reduce the impact of travel by favouring sustainable public transport as primary method, and make use of lift-sharing wherever possible if public transport is not an option. 3. Using Umbraco as our technology partner means we are contributing to sustainable digital development. Umbraco's sustainability team are focussed on moving towards digital sustainability and carbon neutral delivery of digital solutions.

  Equal opportunity

  Moriyama aims to foster a diverse and inclusive workforce, ensuring every employee feels respected and empowered to perform at their best. ; We commits to promoting equality and fairness by eliminating unlawful discrimination based on various protected characteristics such as age, disability, gender, race, religion, and sexual orientation.; ; Moriyama emphasises creating a workplace free from bullying, harassment, and victimisation, where individual differences are valued, and contributions are recognised. ; All employees are expected to conduct themselves in accordance with these principles and receive training on their rights and responsibilities under the equality, diversity, and inclusion policy.; ; Moriyama pledges to provide equal opportunities for training, development, and career progression based on merit, reviewing employment practices regularly to ensure fairness and compliance with the law. The company will monitor the workforce's diversity and inclusion, assessing the policy's effectiveness annually and taking corrective actions as needed.; ; Complaints of discrimination or harassment will be taken seriously, investigated, and addressed promptly through appropriate disciplinary procedures. The policy underscores the serious consequences of misconduct, including dismissal for gross misconduct. It also acknowledges the legal implications of sexual harassment and other forms of discrimination, reinforcing a commitment to upholding equality and diversity within the organisation.

  Wellbeing

  Moriyama's remote and flexible working policy enables team members to structure their work to balance with life commitments and priorities outside of work, recognising this as crucial for everyone's wellbeing. We encourage all team members to engage with team social events but also recognise and respect colleagues' choices to not do so if that's their preference. Moriyama encourages any employee facing workplace stress to reach out confidentially to their manager or safety representative for support. The goal is to identify the right solutions tailored to the individual's needs and the company's capacity to provide support. This can include: One-on-one discussions Evaluating work processes Allowing time for recuperation or considering temporary/permanent role changes Conducting 'return to work' interviews after stress-related absences to plan manageable schedules Adjusting working hours or duties temporarily Offering additional training or support Exploring flexible working arrangements, including remote options Providing more regular supervision or fostering team socialising opportunities if suitable

Pricing

• Price: £358 to £7,800 an instance a year
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at info@moriyama.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.