COMCEN COMPUTER SUPPLIES LIMITED

Pisys Hosting

Pisys provide hosting solutions including Infrastructure, emails and servers through Office 365, Azure and Amazon Web Services,

Features

• Real Time Reporting
• Remote Access
• Monitoring
• Disaster Recovery
• Anti Malware/Virus

Benefits

• Flexible Working
• Bespoke solutions

£150 a virtual machine a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rachel.powell@pisys.net. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

189828615997797

Contact

Rachel Powell
01792464748
rachel.powell@pisys.net

Service scope

• Service constraints: All hardware and operating systems must be up to date and within the manufacturer life cycle. All contracts would require a 12 month maintenance contract.
• System requirements:
  • Payment of Licence Fees either annually or monthly
  • All software versions must be up to date

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: We respond immediately to all telephone enquiries and can respond within 15 minutes to all email enquiries (depending on SLA)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Web chat
• Web chat support availability: 24 hours, 7 days a week
• Web chat support accessibility standard: None or don’t know
• How the web chat support is accessible: Users can directly access support via the our web site
• Web chat accessibility testing: Pisys uses Logmein as its main Web Chat interface which is a click to run application meaning it will use accessibility tools installed on their operating system.
• Onsite support: Yes, at extra cost
• Support levels: 2 - supports levels available:; A pay per device (from £25.00 per PC) or a site agreement (cost depending on the customers size and requirements); We can provide both a technical account manager and cloud support engineer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Help is available to users in many forms including on-line or remote training plus Pisys supply all necessary documentation. On-site training is also available.
• Service documentation: Yes
• Documentation formats:
  • ODF
  • PDF
• End-of-contract data extraction: Pisys provide an standard off boarding process to each client when the contract ends. Full documentation including admin passwords and user accounts is provided in PDF format.
• End-of-contract process: At the end of the contract a handover process is followed to ensure all necessary documentation is provided to the client or third party as required.

Using the service

• Web browser interface: Yes
• Using the web interface: Customer can log and update tickets. This includes full update rights to the created ticket such as changing priority, add notes and contact details.
• Web interface accessibility standard: WCAG 2.1 AA or EN 301 549
• Web interface accessibility testing: PiSys uses Logmein as its main Web interface which is a click to run application meaning it will use accessibility tools installed on their operating system.
• API: Yes
• What users can and can't do using the API: Records management; Microsoft has established internal records-retention requirements for back-end data. Customers are responsible for identifying their own record retention requirements. For records that are stored in Azure, customers are responsible for extracting their data and retaining their content outside of Azure for a customer-specified retention period.; ; Azure allows customers to export data and audit reports from the product. The exports are saved locally to retain the information for a customer-defined retention time period.; ; Electronic discovery (e-discovery); Azure customers are responsible for complying with e-discovery requirements in their use of Azure services. If Azure customers must preserve their customer data, they may export and save the data locally. Additionally, customers can request exports of their data from the Azure Customer Support department. In addition to allowing customers to export their data, Azure conducts extensive logging and monitoring internally.
• API automation tools: Terraform
• API documentation: Yes
• API documentation formats:
  • PDF
  • Other
• Command line interface: Yes
• Command line interface compatibility:
  • Linux or Unix
  • Windows
  • MacOS
• Using the command line interface: Technical users can perform maintenance tasks through our command line interface

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Regular capacity planning is required as part of Microsoft's EBCM program. Service teams review capacity during quarterly reviews, during emergency situations that warrant more capacity review.; ; The raw data for capacity planning is maintained by each service team and includes metrics like system processing, memory, and hardware capacity. Scheduled reviews use models of the system's current capacity and test it against projected needs in emergency situations. If the model indicates gaps in capacity, proposed changes to system capacity are submitted to service team leadership for review. Approved changes are incorporated into a new model before implementation by service team engineers.
• Usage notifications: Yes
• Usage reporting: Email

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Microsoft Azure, Amazon Web Services, Microsoft Office 365

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: Yes
• Datacentre security standards: Managed by a third party
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a Tigerscheme qualified provider or a CREST-approved service provider
• Protecting data at rest: Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type: Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Files and folders
  • Virtual machines
  • Site backups
  • Physical Machines
  • Databases
  • SAAS - Office 365, Azure, OneDrive, Sharepoint
• Backup controls: Client informs us what is required to be backed up and we would configure the system accordingly. Multiple schedules are supported, Off-site and on-site backups.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Other
• Other protection between networks: Client data will always remain on their own network.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Our guaranteed availability is provided under the Microsoft SLA. A service credit (which is a percentage of the applicable monthly service fee can be credited to the customer). Some service such as virtual machines will offer up to 100% service credit when the monthly uptime percentage falls below 95% and 25% when uptime falls below 99.99%. Other services such as Microsoft Azure functions will offer a maximum of 25% service credit when the monthly uptime percentage falls below 99%; ; Microsoft datacenters are engineered to provide 99.999% availability to meet customer SLAs and service needs. Microsoft invests significantly in the global operations, management, networks, and sustainability of facilities that deliver services 24x7x365.
• Approach to resilience: Datacenters managed by Microsoft have extensive layers of protection: access approval at the facility’s perimeter, at the building’s perimeter, inside the building, and on the datacenter floor. Layers of physical security are:; ; Access request and approval. You must request access prior to arriving at the datacenter. You're required to provide a valid business justification for your visit, such as compliance or auditing purposes. All requests are approved on a need-to-access basis by Microsoft employees. A need-to-access basis helps keep the number of individuals needed to complete a task in the datacenters to the bare minimum. After Microsoft grants permission, an individual only has access to the discrete area of the datacenter required, based on the approved business justification. Permissions are limited to a certain period of time, and then expire.; ; Facility’s perimeter. When you arrive at a datacenter, you're required to go through a well-defined access point. Typically, fences made of steel and concrete encompass every inch of the perimeter. ; ; Building entrance. The datacenter entrance is staffed with professional security officers who have undergone rigorous training and background checks. ; ; Inside the building. After you enter the building, you must pass two-factor authentication with biometrics to continue moving through the datacenter.
• Outage reporting: Monitoring which logs a ticket plus email alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Through user access control; ; Password manager,; ; Documentation manager
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through: Dedicated device over multiple services or networks

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: Between 1 month and 6 months
• How long system logs are stored for: Between 1 month and 6 months

Standards and certifications

• ISO/IEC 27001 certification: No
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: Other
• Other security governance standards: Cyber Essential plus
• Information security policies and processes: Pisys's security governance program is informed by and aligns with various regulatory and compliance frameworks. Security requirements are constantly evolving to account for new technologies, regulatory and compliance requirements, and security threats. Because of these changes, Pisys regularly updates our security policies and supporting documents to protect our systems and customers, meet our commitments, and maintain customer trust. ; ; Pisys has the Cyber Essentials Plus accreditation and follows reporting structure laid out within their terms and conditions. Our escalation procedure begins with account manager up to line manager up to business unit director. ; ; All security features are evaluated on a monthly basis by the business unit director to ensure all policies are followed.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Following an authorised contact from the client would inform our support team. Depending on the level/size of the change either make change of escalate to a manager for review.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Scan for missing patches on a daily basis,; All critical patches will be installed within 2 weeks from release.; Information is provided through several sources including Microsoft patch catalogue. ; National Cyber Security centre - alerts in general.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Identification is normally through received alerts.; Our Endpoint / Server protection.; All alerts will be logged as high priority tickets and actioned with an hour.
• Incident management type: Supplier-defined controls
• Incident management approach: The management and operation of the Azure production network is a coordinated effort between the operations teams of Azure and Azure SQL Database. The teams use several system and application performance-monitoring tools in the environment. And they use appropriate tools to monitor network devices, servers, services and application processes.; ; To ensure the secure execution of services running in the Azure environment, the operations teams implement multiple levels of monitoring, logging and reporting. All incidents are reported to the customer via phone or email ticket. Incident reports are also provided via out ticket system and internal monitoring tools.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Third-party
• Third-party virtualisation provider: Microsoft
• How shared infrastructure is kept separate: Azure is a multi-tenant service, which means that multiple customer deployments and VMs are stored on the same physical hardware. Azure uses logical isolation to segregate each customer’s data from the data of others. Segregation provides the scale and economic benefits of multi-tenant services while rigorously preventing customers from accessing one another’s data.; ; At-rest data protection: Customers are responsible for ensuring that data stored in Azure is encrypted in accordance with their standards. Azure offers a wide range of encryption capabilities, giving customers the flexibility to choose the solution that best meets their needs.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Microsoft has operated carbon neutral since 2012. By 2030, Microsoft will be carbon negative and by 2050, Microsoft will have removed from the environment all the carbon the company has emitted either directly or by electrical consumption since it was founded in 1975. By 2025, Microsoft datacenters will be supplied by 100 percent renewable energy. To accomplish this goal, Microsoft has implemented contracting tools such as proxy generation power purchase agreements for green energy to supply 100 percent of the carbon-emitting electricity consumed by all datacenters.; ; Microsoft employs various safeguards to protect against environmental threats to datacenter availability. These safeguards enable Microsoft to provide secure and available cloud platforms that are trusted by customers.; ; Site selection: Protecting Microsoft datacenters from environmental hazards begins with site selection. Microsoft datacenter locations undergo stringent assessment prior to selection for datacenter construction. Microsoft datacenter sites are strategically selected to minimise risk from several factors, including floods, earthquakes, hurricanes and other natural disasters. In addition to minimising environmental risk, access to low-cost energy and reliable telecommunications infrastructure are among the key factors that influence datacenter site selection.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Tackling economic inequality
  • Wellbeing

  Fighting climate change

  Pisys is deeply committed to contributing to the global effort of carbon footprint reduction and aligning our operations with the UK Government's Net Zero 2050 target. Our approach is multifaceted, encompassing operations changes, strategic project management, supply chain monitoring and engaging our workforce in our environmental goals. Here's a detailed look at our initiatives and plans: Operations Changes: Renewable Energy: We aim to transition to 100% renewable energy by 2026. Carbon Emissions Reduction: Our goal is to reduce hardware carbon emissions by 70% by 2030, emphasising circular computing procurement to achieve this target. Fleet Transition: We have transitions 50% of our fleet to electric. By 2030, we plan to convert the rest of our vehicle fleet to electric, supporting the wider transition to low-emission transportation. Waste Management: Adhering to Green Dragon benchmarking and WEEE regulations, we are committed to using recycled packaging and achieving zero waste to landfill by 2030. Sustainability Reporting: Starting in 2024, we will publish an annual sustainability report to showcase our environmental performance and drive continuous improvement. Plastic Free Champions: Our offices, especially in coastal Swansea, focus on recycling and reducing plastic waste, aligning with initiatives like plasticfree.org.uk. Strategic Project Management for CO2 Footprint Reduction: Delivery and Warehousing Efficiency: By tracking delivery distances and consolidating goods, we aim to minimise trips and associated emissions. Sustainable Project Options: Advising clients on energy-efficient solutions to ensure long-term environmental and financial benefits.

  Tackling economic inequality

  Our Award-Winning apprenticeship scheme has seen remarkable success since 2018. Remarkably, 85% of our apprentices have been offered and accepted full-time positions within our company, illustrating the scheme's effectiveness in providing meaningful career paths. Their journeys from apprentices to roles such as engineers, senior solutions specialists and even management positions testify to the program's success and our dedication to internal career development. In 2023, we hired two Help Desk Apprentices, one Degree Apprentice, and five individuals through the PLA Programme. Additionally, two 16-17 year-olds embarked on NVQ Level 2 IT Professional qualifications. Our commitment extends to hiring a sales administrator apprentice through Job Growth Wales Plus. A landmark initiative for 2024 is our partnership with local Colleges, set to offer project-based placements to students specialising in IT, Marketing and eCommerce. This initiative is designed to offer real-world experience to students, bridging the gap between academic learning and practical application. Through this partnership, we aim to bring fresh perspectives into our operations while providing students with invaluable insights into the industry, equipping them with the skills and experience needed to thrive in their future careers. Our commitment extends to teaching IT productivity and security skills in local schools, empowering the community with valuable technological knowledge. In 2023 alone, we devoted 8 days to conducting mock interviews at schools and colleges for year 10, 11, and 12 pupils, providing them with vital experience and guidance in crafting effective responses during interviews. Pisys's dedication to employment and skills is showcased through diverse initiatives and partnerships. We collaborate with specialised recruitment agencies, including FirstGens for first-generation university students and the Diversity Jobs Group, supporting ethnic minorities and those facing long-term unemployment.

  Wellbeing

  Supporting our team's professional and personal growth is a key priority. Our pioneering 4-Day Week initiative has been a testament to our commitment to work-life balance, leading to enhanced productivity and job satisfaction. In the realm of professional development, we encourage employees to complete training sessions with manufacturers and even provide bonus schemes for those completing training in line with our strategic goals, such as cyber security, Microsoft certifications, accreditations that secure Gold and Platinum status for Pisys. We also have a catalogue of Free training with Pisys eCampus for both Pisys staff and our customers on topics such as cyber security, remote working, Microsoft 365, wellbeing, Windows 10 and 11, leadership, customer service, selling skills and more.

Pricing

• Price: £150 a virtual machine a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at rachel.powell@pisys.net. Tell them what format you need. It will help if you say what assistive technology you use.