THRIVE OPERATIONS LIMITED

Thrive – Managed DR as a Service (DRaaS)

Thrive DRaaS protects your critical business technology infrastructure with our disaster recovery solutions. Exceed even the most challenging Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) with our complete portfolio of business continuity solutions; from disaster recovery consulting and planning, to full restoration of mission-critical applications and services.

Features

• Tier 3+ Data Centre accredited to ISO9001 and ISO27001 standards
• 100% uptime available through Thrive Business Assured Guarantee
• Frequent, automated data checks ensure ongoing data integrity and availability
• 24x7 support service access from Thrive UK Technical Assistance Centre
• Recovery Point Objective of seconds, Recovery Time Objective of minutes
• Secure data centre, data encryption at rest and in motion
• Real-time replication of business-critical data
• Non-impacting simulated testing for recovery assuranc

Benefits

• Flexible and scalable to quickly adapt to changing demand
• Pay monthly for what you need frees up capital expenses
• End-to-end security provides compliant data protection
• Best-in-class hardware and software components deliver high performance, industry-leading SLAs
• Easy to set-up and manage; eliminates on-site maintenance

£230.00 a unit a month

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pcotterill@thrivenetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

197582348923651

Contact

Phil Cotterill
01582 429999
pcotterill@thrivenetworks.com

Service scope

• Service constraints: The Disaster Recovery service is for VMWare and Hyper-V Hypervisors Only
• System requirements: Disaster Recovery must be for VMware or Hyper-V

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Range of SLA's from P1 (15 min confirmation, 30 min engineer response & 2 hour resolution) to P4 (Service request: 1 hour confirmation, 24 hour engineer response and 48 hour resolution)
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: The SLA is negotiable dependent upon on the requirements of the customer.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Thrive complete the install of the DRaaS services and will facilitate a seed load if the data size warrants it. Thrive will configure (with the customer) all DR protection groups. Sandboxed DR tests will be completed as part of the sign off criteria for the start of the service.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: For DRaaS no data is required to be removed as it is not a long term retention and a replication of customer datasets.
• End-of-contract process: The contract can be renewed. If the contract is not renewed it would be normal practice to have an alternate DR service in place and run them in parallel until the desired retention is achieved within the new service. If required the contract can be extended for the amount of time required to achieve the desired retention on the replacement service.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type: Automatic
• Independence of resources: All services are run within a strict capacity management processes. Thrive use capacity management tools ensure there is a minimum capacity resource of 30% available. Additional components are added to maintain a minimum of 30% capacity availability.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Via client portal

Analytics

• Infrastructure or application metrics: No

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Conforms to BS7858:2019
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with another standard
  • Encryption of all physical media
• Data sanitisation process: Yes
• Data sanitisation type:
  • Explicit overwriting of storage before reallocation
  • Deleted data can’t be directly accessed
  • Hardware containing data is completely destroyed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: No

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Other
• Other protection between networks: WAN circuits are used. The customer can choose what to use; a PtoP link or MPLS or even an encrypted VPN tunnel over the internet.
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Thrive offer service credit backed 100% availability on its DraaS Services.
• Approach to resilience: Thrives servicea are fully redundant between two Datacentres's with all system components existing at both sites. All the systems are running on a fully redundant Flexpod architecture with no single points of failure.; The DR service is a hot standby copy of live servers in one of Thrives datacenters. The hot standby vm's are hosted on a fully redundant Flexpod architecture with no single points of failure.
• Outage reporting: The systems are monitored 24/7 and use e-mail alerting into the Thrive 24/7 support team.

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Access restrictions in management interfaces and support channels: To access the web portal each customer is granted an admin user with which they can manage their own security for additional staff if required.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: Between 1 month and 6 months
• Access to supplier activity audit information: You control when users can access audit information
• How long supplier audit data is stored for: At least 12 months
• How long system logs are stored for: Between 6 months and 12 months

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: SGS UK Limited
• ISO/IEC 27001 accreditation date: 30/06/2021
• What the ISO/IEC 27001 doesn’t cover: All items not defined by our scope of certifcation and statement of applicability version 3.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications:
  • Cyber Security Essentials
  • Cyber Security Essentials Plus
  • CISSP
  • CISM
  • CIS

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards:
  • ISO/IEC 27001
  • Other
• Other security governance standards: Personal Information Standard BS10012:2017
• Information security policies and processes: The information security policies and processes followed by Thrive are in line with the ISO27001 specification.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Thrive using best practice as outlined in the ITIL framework
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: Vulnerabilities are managed within Thrives in house service management system. Vulnerabilities are identified through vendor notification, onsite tools and systems. Each vulnerability is assessed to ensure high priority items are actioned immediately in accordance with Thrives change processes. All vendor security patching and vulnerabilities are actioned immediately. Other vulnerabilities are reviewed at Operations Meetings and scheduled for assessment and rectification appropriate to the issue. Thrives cloud design is highly resilient with multiple layers of security to ensure vulnerabilities are minimised or removed. The mature platform has been operational for many years with no client outages or client affecting security impacts.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: Thrive staff are located on site at Thrives datacentre premises to continuously monitor all aspects of our Services. Thrive use multiple monitoring applications across all aspects of the service from environment, security, VMware, OS and infrastructure. All monitoring platforms alarm on triggered events but also threshold breaches. By monitoring in this way Thrive mitigate all impacts before they become client effecting. ; ; All elements up to and including Microsoft or Linux Operating Systems are monitored and alerts are sent to the service team 24x7. Security patching and vulnerabilities from Microsoft or VMware are actioned immediately.
• Incident management type: Supplier-defined controls
• Incident management approach: Incidents are captured from customers, Thrives engineers and monitoring platforms, and adhere to the nine ITIL Incident Management activities. Each incident Event is logged on Thrives management system and categorised in agreement with the customer according to the business impact; Priority 1 - Network down 30 minutes engineering response. Priority 2 - Major loss of service 30 minutes engineering response. Priority 3 – Non-urgent 4 hours engineering response. Thrive Engineers work to resolve the issue through telephone support, diagnostics tools or vendor support. All resolution activities are documented and the incident is closed upon the customer’s approval.

Secure development

• Approach to secure software development best practice: Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: At the netwoking layer, VLAN's are used all the way into dedicated customer Firewalls.; Within the virtual environment, VmWare vCloud Director virtual datacenters are used for the separation.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: The Thrive Datacentre has an energy power usage efficiency (PUE) rating of 1.3 and achieves this through the use of Fresh air cooling systems (using outside ambient fresh air rather than chillers whenever possible) as well as utilising hot isle containment and efficient UPS systems.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery
  • Tackling economic inequality
  • Equal opportunity

  Fighting climate change

  Thrive are providing additional environmental benefits in the performance of the contract such as flexible working, car share programs for office based staff and are actively working towards net zero greenhouse gas emissions as well as ISO14001 certification.

  Covid-19 recovery

  Thrive are a high growth business operating in a high growth sector and have created new employment opportunities, offer re-training via our Rising Tide program and other return to work opportunities for those left unemployed by COVID-19.

  Tackling economic inequality

  With our cloud and cloud managed cyber security offerings Thrive are creating a number of new roles across our organisation. In the last year the team has grown by over 300 people as we create employment and training opportunities. The current skills shortage in the UK for cyber security staff currently stands at 11,200.; Thrive has also been supporting educational attainment relevant to our G-Cloud offerings, including training to address skills gaps and result in recognised qualifications.

  Equal opportunity

  Through our "Rising Tide" program, that has been in place since 2020, Thrive are fully supporting in-work progression to help people, including those from disadvantaged or minority groups, to develop their careers and move into higher paid work by developing new skills many that are relevant to the services we are offering through the G-Cloud program.

Pricing

• Price: £230.00 a unit a month
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at pcotterill@thrivenetworks.com. Tell them what format you need. It will help if you say what assistive technology you use.