Mazepoint Limited

Mazepoint Hosting Service

This service provides virtualized Windows machines, each running on their own VLAN for security to support Mazepoint’s Software and Support services. Servers are either on Microsoft Azure or on hardware owned by Mazepoint, hosted in secure, climate-controlled facilities run by Telehouse, a subsidiary of KDDI, with regular offsite backups.

Features

• Infrastructure managed by Mazepoint on Azure or on Mazepoint hardware
• Extra server resources on request
• Virtual machine specification and configuration, tailored to specific requirements
• Archiving, backup, backup restoration and disaster recovery included
• System logging and analysis for service reporting
• Security, encryption, firewall and intrusion protection to two audited standards
• Optional PEN testing through third parties
• Offsite recovery to secondary data centre
• Lower cost than mainstream suppliers for management, usage and availability
• Virtual networks segregating customers and services for greater security

Benefits

• Reduced burden on internal IT personnel and systems
• Easily scaleable to demand
• Ensures the right resources for the right workload
• No additional backup hosting required, fast backup restoration when required
• Full audit trail of system usage, track user adoption, fraud
• Confidence that best practice and vigilance is being applied
• Option to increase security levels as required
• Greater system, data and application security and redundancy
• Greater economic benefit
• Service is not shared with other organisations, exclusive use

£400 a unit a month

• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jnoble@mazepoint.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

191019887162852

Contact

James Noble
020 7348 7600
jnoble@mazepoint.com

Service scope

• Service constraints: Processing capacity on individual virtual machines requires machine restart. The service will be taken offline for upgrade patching on a timetable agreed with each customer. This hosting service can only be purchased in conjunction with one of Mazepoint's software services.
• System requirements: None

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Response times are governed by the impact level and urgency of specific issues, how they are categorised and the level of support purchased. Under our standard support package, issues classified as CRITICAL are responded to within 2 hours with target resolution of 8 hours. HIGH priority issues are responded to within 2 hours with a target resolution of 2 work days. MEDIUM priority issues are responded to within 2 hours with a target resolution of 3 work days. LOW priority issues are responded to within 2 hours with a target resolution of 5 work days. Weekend support is different.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AA or EN 301 549
• Phone support: Yes
• Phone support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our approach to service levels is based on ITIL standards and is detailed in our Service Description document. In principle it supports the identification, management, resolution, and considered future mitigation of issues through a multi-level support structure, contactable through various channels and operating during normal UK office hours of 8:30 - 17:30, Monday to Friday (except UK public holidays and the period between Christmas and New Year). Other support arrangements are available on request.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Tailored to each customer's requirements, can include onsite, online training and user documentation
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Each of the Cloud Software Service Definitions describes the procedures for extracting data at the end of contract. Hosting data logs are available from the support team on request and may incur a charge based on the SFIA rate card.
• End-of-contract process: Once the service comes to an end, customers are given 7 days to backup and download their data themselves. Should they require our help then this is available at an extra cost. After this period, the virtual machine is disposed of securely. Backups of the virtual machine will be kept for 30 days unless otherwise requested by the customer to be deleted securely sooner.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Manual
• Independence of resources: Server capacity is managed within the virtualisation environment which is controlled by the infrastructure team using monitoring tools. Systems usage and capacity are monitored using a multitude or alerts and logs which provide details on potential performance and capacity limits. Performance of specific customer applications is monitored regularly to ensure continuity of service. Customer websites and applications are continuously monitored with Site24x7. Project managers, delivery and support staff will be immediately updated on any resource capacity issues that arise on a customer's environment and extra resources applied where appropriate.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: We receive alerts if CPU, memory or disk access is within 90% of capacity which we can pass on to the customer.; We also speak to the main system administration contact at the customer site.

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
• Other metrics: Provided on request
• Reporting types: Reports on request

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Hardware containing data is completely destroyed
• Equipment disposal approach: In-house destruction process

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Virtual machines
  • Applications and files residing on virtual machines
• Backup controls: Backups are automated and run daily between 22:00 and 08:00. Offsite backups are performed during the day. The backup schedule will backup an entire VM and its contents. Backups are encrypted in rest and transit. They are held for 30 days.; ; A customer can request a specific backup or restoration outside of the normal window as a task in the support system.; ; Please refer to our service definition document for more information
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Users contact the support team to schedule backups
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Availability is defined as the time the service is available during the agreed service window i.e. outside of agreed downtime for maintenance and upgrades. Any further agreed downtime does not count towards the service availability statistic. Generally, Mazepoint offers a 99.7% service availability measured on a monthly basis which will be confirmed in the SLA. Any case of a breach of an SLA will be reported as an incident in Mazepoint's support ticketing system and assigned an impact and urgency level, which is accessible to the client.
• Approach to resilience: The underlying virtualised infrastructure runs on resilient host hardware. Virtual machines can be migrated between hosts with no loss in service and minimal disruption. ; Firewalls are clustered and configured to failover in the event of a node failure. ; Mazepoint’s data centre provider has highly resilient infrastructure including dual power feeds & backup generator capacity, and redundant cooling, offering power uptime SLA’s of 99.999%. ; Internet connectivity is multi-homed via several suppliers to ensure continuous connectivity in the event of an ISP failure.
• Outage reporting: Service availability at a client level is continuously monitored by Mazepoint. Any service failures will alert the Mazepoint Infrastructure team who will deal with the issue accordingly. An incident support ticket will be created, alerting the customer, and will be resolved in accordance to the agreed SLA. Live public service dashboards and direct email alerts are available on request at an additional cost.

Identity and authentication

• User authentication:
  • Identity federation with existing provider (for example Google apps)
  • Dedicated link (for example VPN)
  • Username or password
• Access restrictions in management interfaces and support channels: Mazepoint’s User Access Management Policy establishes the procedures for restricting access to prevent unauthorised use of information systems. The procedures are documented for new users, managing change, password and privilege management as well as regular reviews of user-access rights. Group-based permissions are supplied within each service application, generally administered by the customer, with the capability to control each user’s data and information access rights down to an individual data cell. Mazepoint’s Password Security Policy establishes the standards required for password complexity and compliance measurement. Access to Mazesupport, Mazepoint’s support ticketing system is governed by similar user access rights and passwords.
• Access restriction testing frequency: At least once a year
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
• Description of management access authentication: Management access is operated through the Mazesupport ticketing system and implemented by Mazepoint staff subject to the contract and Service Level Agreement. There is no direct access management portal.
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: At least 12 months
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: British Assessment Bureau Limited
• ISO/IEC 27001 accreditation date: 13/09/2012
• What the ISO/IEC 27001 doesn’t cover: There are no exclusions to Mazepoint's ISO27001 certification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: Without exception, all Mazepoint staff are contractually obliged to adhere to the principles of ISO27001:2013 and the GDPR in respect of information security. The company’s ISO27001 accreditation is based on a variety of policies, procedures, risk assessments and responsibilities, all of which are subject to regular external and internal audits, and staff are regularly reminded of their obligations and notified when policies and procedures are updated. The company’s ISO accreditation is led by the Managing Director, the management representative, who retains responsibility for overall observance of policies, processes and updates while delegating responsibility for monitoring and compliance, primarily to the infrastructure and administration teams but also to the software development and new business teams. Each policy and process includes compliance measurement which is carried out by the policy owner and verified by the management representative. The company’s online Information Security Management System maintains all policy and process information, including ISO9001:2008 documentation and the Feedback Reporting System for use by all staff. The Managing Director and all team leaders attend the audits to ensure that any observation or potential non-conformance is addressed with the appropriate level of urgency, and management reviews are carried out and documented by the management representative.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: Mazepoint follows the ITIL methodology for configuration and change, defined mainly as Standard or Normal. Requests are logged via Mazepoint's support ticketing system (Mazesupport) and assessed in terms of impact and urgency. A priority matrix is referred to determining the response and resolution time for each request. For system critical items, users are also required to inform Mazepoint by telephone. Users will be notified of an approximate time for resolution at the outset and regularly updated until completion.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Mazepoint’s Vulnerability Management Policy documents this process which is enforced by the infrastructure team. Common vulnerabilities and exposures are routinely checked in accordance with the CVE database and other third party sources. Systems are monitored to detect and assess vulnerabilities which are then classified and prioritised by risk and urgency. Vulnerability removal is then planned and executed. Software updates are applied on a regular basis or immediately in the case of high risk, urgent vulnerabilities. User identity and access rights, hardware and software configuration standards, and network vulnerabilities are all regularly reviewed, assessed and tested, and remediation plans implemented.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Mazepoint have monitoring and alerting procedures for their systems and processes. Alerts and monitoring checks will notify the Infrastructure and Application team who will act on each issue. The process for managing incidents is documented in the Information Security Incident Management Policy, including recording incidents, notifying stakeholders and implementing any additional risk mitigation measures.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Mazepoint’s Information Security Incident Management Policy documents this process. Security incidents that have a direct impact on a customer’s application or data will result in the customer being contacted immediately following incident identification, as well as the Information Commissioner's Office if applicable. Security incidents are logged in Mazepoint’s support ticketing system, Mazesupport, and the progress of open tickets tracked. Upon closure of a security incident ticket, the customer will receive a full report covering the time the incident was identified to its resolution. Monthly security and service reports are available to the customer at an additional cost.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: Hyper-V
• How shared infrastructure is kept separate: Mazepoint use VLANs to segregate networks and customers. All data in transit across the network, including VLANS, passes through the firewall. The firewall will block all traffic movement by default and rules are only created when a supported business case has been approved and is required for service use. Under no circumstances would a firewall rule be created that allows different organisations to view other resources other than their own.; ; Access to firewall rules are restricted to Infrastructure staff only and are regularly reviewed.; ; Please refer to the service definition document for more information

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Mazepoint's infrastructure is contained within Telehouse data centre which utilise a low PUE and efficient power and cooling.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity
  • Wellbeing

  Fighting climate change

  Mazepoint is fighting climate change by prioritising remote work, reducing carbon emissions from commuting. Implementing energy-efficient practices in data centers, using renewable energy sources where possible, and offering eco-friendly digital solutions can significantly lessen their carbon footprint. We are advocates for sustainable practices industry-wide to support environmental conservation.

  Covid-19 recovery

  Mazepoint is assisting COVID-19 recovery by offering remote Software as a Service tools for businesses adapting to remote work.

  Tackling economic inequality

  Mazepoint addresses economic inequality by offering affordable access to their software for underserved communities and providing skill development programs and job opportunities, offering work placements and training. We also collaborate with the charitable sector and implement inclusive hiring practices which foster socioeconomic diversity and reduce economic differences.

  Equal opportunity

  Mazepoint promotes equal opportunity by ensuring that diversity and inclusion are applied consistently in hiring and advancement decisions. This is underpinned by the company’s Equal Opportunities Policy.

  Wellbeing

  Mazepoint promotes wellbeing by prioritising work-life balance for all of its staff, all of whom work remotely and have the flexibility to collaborate in teams as well. The company has a dedicated HR resource to ensure that the company is fully supportive of any mental health, sickness or stress-related issues to ensure that a culture of general wellbeing is maintained. Regular staff feedback is requested to ensure that any personal difficulties are not overlooked.

Pricing

• Price: £400 a unit a month
• Discount for educational organisations: No
• Free trial available: Yes
• Description of free trial: Please refer to our service definition document for more information

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at jnoble@mazepoint.com. Tell them what format you need. It will help if you say what assistive technology you use.