GrowCreate Limited

Managed Cloud Services

GrowCreate cloud services include hosted and managed platforms, apps, and data services. Our cloud services cut costs and difficulties when delivering cloud-native applications. We supply or manage Cloud Hosting and DevOps for your .NET application.

Features

• Secure cloud web application hosting, development, support and maintenance
• 24/7 solution monitoring
• 99.99% availability SLA
• High Availability scalable hosting platforms
• Umbraco platform specific hosting expertise
• Managed Cloud Consulting for ongoing optimisation
• Migration planning and support

Benefits

• Hosting on Microsoft Azure, Amazon Web Services
• Scalable, secure, and cost-efficient
• Fully managed service
• Experienced in CMS specific issues

£675 to £1,500 a unit a day

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ainsley@growcreate.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

184605606453923

Contact

Ainsley McWilliams
01844393962
ainsley@growcreate.co.uk

Service scope

• Service constraints: No
• System requirements: No specific system requirements

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Normal Business Hours: Monday-Friday (excluding national holidays) Office Hours: 09:00 – 17:00 (Monday-Friday) Standard response within 1 hour. Custom support is also available outside normal business hours.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: No
• Web chat support: No
• Onsite support: No
• Support levels: We offer Business (£975 + VAT per month) and Enterprise (£1,950 + VAT per month) support packages. Our recommended package will be dependent on the complexity of your solution. We provide fixed-price technical support, governed by a Service Level Agreement (SLA). Our Business Support programme is for websites with some integrations or advanced functionality. The support programme covers Priority 1 and Priority 2 issues on your website, including maintenance, security patches, and managed hosting. Active maintenance Our support and hosting package gives you access to a proactive monitoring service by an infrastructure specialist. Every month, our Support Engineer will review your solution and ensure it is maintained. Our service includes: Service Level Agreement Unlimited bug fixes Ticket Management Website Maintenance Performance, Technical SEO, Accessibility monitoring Umbraco Licences Optional Retained Hours Dedicated Account Manager Azure Support Contract with Microsoft Umbraco HQ Support Out-of-hours Support Options
• Support available to third parties: No

Onboarding and offboarding

• Getting started: This is highly dependant on the needs of the user and will be discussed on a case by case basis. GrowCreate engages with customers to undertake full scoping and onboarding activities.
• Service documentation: No
• End-of-contract data extraction: The method of data access depends entirely on the user's needs. We can either provide access for them to extract data themselves or supply copies of the data based on their preferences. We do not retain client data at the end of a contract and always strive to accommodate the user's needs in obtaining their data.
• End-of-contract process: The term of the Contract shall be in force from the Start Date until terminated by either party in accordance with the; Contract. Upon contract termination, all included services are deactivated and decommissioned. The customer can request any required data from the solutions before service termination. Such requests will be coordinated and fulfilled as needed prior to the contract's end.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: Appropriate scaling of application resources for the level of expected traffic and continuous monitoring of application availability.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Developed Vetting (DV)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: Never
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Database
  • Application assets
  • Application content
• Backup controls: Backup configuration can be customised based on clients needs.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: Standard SLAs on provision of service work back to back with Azure, which offers 99.99% on the server level. Availability on a server-side level may be negotiated but no higher than those committed to by the provider - eg 99.99%.
• Approach to resilience: Available on request
• Outage reporting: We can offer email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: Each user has a role, and permissions are controlled based on these roles. This applies to all access channels, including email, interfaces, support channels, and servers, regardless of how users are authenticated.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: No audit information available
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: Citation ISO Certification
• ISO/IEC 27001 accreditation date: 07/10/2020
• What the ISO/IEC 27001 doesn’t cover: None
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow all recommended best practices to ensure all data in our care is ; protected from unauthorised access and theft, that personal data is protected above all else, and that our clients remain compliant with GDPR and other regulations. ; We are ISO 27001 certified and have a well-established Information Security Management System (ISMS) in place that ensures our data’s availability, integrity, and security is monitored and maintained. Our ISMS policy details our approach to Information Security and how we access and manage risk, while our client data privacy notice details the way we handle data and use it to provide services and business operations.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: GrowCreate manage change through bespoke process and systems. Some of these tie to our ISO27001 standard and are audited externally annually. Other tried-and-tested change management processes are refined with our customer based over the years,
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: GrowCreate is an ISO27001 accredited company and all our systems and processes link through this framework.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: GrowCreate are a ISO27001 accredited company and all our processes are tied to this framework.
• Incident management type: Supplier-defined controls
• Incident management approach: GrowCreate are a ISO27001 accredited company and all our processed are tied to this framework.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  Fighting climate change

  Fighting climate change

  Grow Create is a Net Zero web agency dedicated to implementing environmental best practices wherever practical and within available resources. Adam Weston holds overall responsibility for compliance at Grow Create, reporting to the board on the performance of the Quality (9001), Information Security (27001), Environmental Management (14001), Health & Safety frameworks, and suggesting areas for improvement.; ; We manage and report our use of energy, water, and chemicals, and fully comply with local environmental regulations. Currently, we source 100% renewable electricity and have SMART targets for reducing energy usage and waste.; ; Whenever possible and practical, we source from suppliers with robust ethical and environmental practices, such as Apple and Microsoft, who provide comprehensive reports on their environmental impact.; ; We encourage staff to consider the environment in all aspects of their work, promote the use of public transport among employees and directors, and provide visitors with public transport options to our offices. Lastly, we're committed to improving energy efficiency in our workplace.

Pricing

• Price: £675 to £1,500 a unit a day
• Discount for educational organisations: No
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at ainsley@growcreate.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.