Wanstor Ltd

O365 Backups

Microsoft provides powerful services within Office 365 – but comprehensive backup of your data is not one of them.
Wanstor’s Backup for M365 eliminates the risk of losing access and control over your O365 data, including Exchange, OneDrive and Teams – so that your data is always protected and accessible.

Features

• Securely backup Office 365
• Protect your Office 365 data from accidental deletion
• Monthly subscription service
• Quickly restore individual Office 365 email, files and sites
• Meet legal and compliance requirements with efficient eDiscovery
• Backups monitored 24/7 by Wanstor service desk

Benefits

• Setup and operational in minutes
• Wanstor's service desk team can recover data or servers 24x7
• Entire restore process is completed by Wanstor on your behalf
• Integrates with Veeam Availability Suite or Backup and Replication
• Data resides in the UK
• Help's ensure compliance with industry regulations
• Help's to preserve an organisations reputation with customers and partners
• Maintain employee productivity and organisational ability to process transactions

£0.07 a gigabyte a month

• Education pricing available
• Free trial available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@wanstor.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

213007859908624

Contact

Wanstor
02075927860
sales@wanstor.com

Service scope

• Service constraints: Support is for the cloud connection service, the client is responsible for their on-premise Veeam backups unless otherwise agreed.
• System requirements:
  • Veeam Availability Suite
  • Veeam Backup & Replication
  • Veeam Backup Essentials

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Priority 1 - 30 minutes; Priority 2 - 2 hrs; Priority 3 - 4 hrs; Priority 4 - 8 hrs
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: WCAG 2.1 AAA
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: Yes, at an extra cost
• Web chat support availability: 9 to 5 (UK time), Monday to Friday
• Web chat support accessibility standard: WCAG 2.1 AAA
• Web chat accessibility testing: Wanstor works with a variety of customers. The testing and web chat services we provide includes: ; ; Adjustable time settings; All functionality is available via keyboard; Users can easily see and hear content, and understand what is in the foreground vs background; Users can pause, stop or hide content manually; Page flashes are less than 3 times per second to prevent seizures; Web and chat pages are easily navigable in a logical and intuitive manner; Headings are easily readable; Input modalities - For different types of users we can provide pointer gestures, label in names, motion actuation and a variety of concurrent input mechanisms; All chat and web pages appear and operate in predictable ways and give clear indication of where information needs to be submitted
• Onsite support: Onsite support
• Support levels: Customer calls which are raised are usually a priority 3 call relating to operational questions, advice or a change in service. This carries an 8 hour response time and a 85% SLA to resolution within 8 hours. Support is operated by the engineering team, each client has their own account manager. Wanstor do not directly provide support and maintenance of the customers operating systems, applications or onsite backups (unless agreed separately).
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Wanstor provide a fully managed setup and on-boarding process. The solution setup and data migration is completed by Wanstor with the customer updated throughout the project.
• Service documentation: Yes
• Documentation formats:
  • HTML
  • ODF
  • PDF
• End-of-contract data extraction: All data is controlled from the existing Veeam console and can be restored back on premise if required.
• End-of-contract process: To renew the service no changes will need to be made. To cancel the service, all data will be removed and the repository will be deleted.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: Yes
• Scaling type:
  • Automatic
  • Manual
• Independence of resources: Wanstor monitors 24x7 data storage usage and ensures there is always sufficient storage within our platform. Internet bandwidth is also monitored in real-time to make sure sufficient capacity is available and can be used.
• Usage notifications: Yes
• Usage reporting:
  • Email
  • Other
• Other usage reporting: Reporting analytics through Service Now delivered via Power BI, and reviewed at monthly service reviews

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • CPU
  • Disk
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
• Reporting types:
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra features and support
• Organisation whose services are being resold: Veeam

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: Up to Security Clearance (SC)

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations: United Kingdom
• User control over data storage and processing locations: No
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest:
  • Physical access control, complying with CSA CCM v3.0
  • Physical access control, complying with another standard
• Data sanitisation process: Yes
• Data sanitisation type: Deleted data can’t be directly accessed
• Equipment disposal approach: A third-party destruction service

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • Full Virtual Machines
  • Files
  • Databases
  • Applications
  • Operating Systems (OS)
• Backup controls: Backups are completely custom made and can be requested on a daily, monthly, quarterly or annual basis with user-definable retention periods. This is all controlled in the same manner local backups would be from the Veeam console.
• Datacentre setup:
  • Multiple datacentres with disaster recovery
  • Multiple datacentres
  • Single datacentre with multiple copies
  • Single datacentre
• Scheduling backups: Users schedule backups through a web interface
• Backup recovery: Users can recover backups themselves, for example through a web interface

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: 100% uptime with a 200% service credit for the outage time affected.
• Approach to resilience: Operating within Tier 3, data centres with multiple power supplies, generators and cooling units for resilience. Our Veeam configuration is maintained under strict change control and protected by internal processes and procedures. Our network connectivity is provided separately from two Points of Presence in two diverse Tier3 data centres, away from the server environment, where our core internet routers reside, these connect us to our four main internet providers in a BGP configuration. Networking connectivity is one of the most common causes of data centre outages and we have the ability to survive multiple failure scenarios in our design.
• Outage reporting: In the event of an outage, email and text alerts are sent to keep you informed of the progress in resolving any issues.

Identity and authentication

• User authentication:
  • Public key authentication (including by TLS client certificate)
  • Username or password
  • Other
• Other user authentication: Cloud connect is accessed directly from the on-premise Veeam console, any authentication on-premise need to be entered to access the cloud repository. In addition to this, the connection to the repository requires a username/password and 2 factor RSA.
• Access restrictions in management interfaces and support channels: In line with ISO2700 Information Security accreditation, user accounts are set up with specific access using a role-based access system that ensures granularity of the available services within the environment.
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Dedicated link (for example VPN)
  • Username or password
• Devices users manage the service through:
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device over multiple services or networks
  • Any device but through a bastion host (a bastion host is a server that provides access to a private network from an external network such as the internet)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI
• ISO/IEC 27001 accreditation date: 31/01/2016
• What the ISO/IEC 27001 doesn’t cover: We cover everything under this qualification.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: Yes
• Any other security certifications: IASME governance

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: In line with 27001 Information Security requirements.

Operational security

• Configuration and change management standard: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Configuration and change management approach: A change control process in-line with our ISO27001 procedures.
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: The Wanstor Security Steering Group uphold the Risk Management Policy which is aligned to ISO27001 data risk management best practices. ; ; We assess threats to services on a real time basis by using a range of network and security monitoring tools from vendors such as Trend Micro and PRTG. We work with ManageEngine and use their desktop central product. This automatically deploys patches across all major operating systems as soon as they are released. We gather information about threats from a variety of sources including vendors e.g. Symantec, Checkpoint, Cisco, Microsoft etc, and the centre for internet security.
• Protective monitoring type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Protective monitoring approach: In line with our Audit and Monitoring Policies - The Wanstor Security Manager must be informed immediately of any unusual traffic flows or network device activity that arises from regular network monitoring or alerts. Quantitative or qualitative information on network activity may indicate either device failure or network attacks. The Security Manager needs to be made aware of this activity to investigate the possibility of a network attack that requires remedial action or escalation.
• Incident management type: Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
• Incident management approach: Wanstor follows an ITIL based approach to incident management. We have a range of pre-defined processes and escalation paths depending on the nature of the incident being reported by the user. Users can report IT incidents through Phone, Email, Chat and via a Website.; ; We can provide incident reports to users in the form of an email which details their IT incident, action taken to resolve and how long the end outcome will be. Additionally IT teams can access a variety of incident reports showing, volume, type, timings, actions taken and resolution rates in line with agreed SLA's.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: Yes
• Who implements virtualisation: Supplier
• Virtualisation technologies used: VMware
• How shared infrastructure is kept separate: In line with ISO2700 Information Security, accreditation, user accounts are set up with specific access using a role-based access system that ensures granularity of the available services within the environment. This means only registered and approved users can access their own data at any one time. We also use VMWare and VLAN's to completely segregate customers networks.

Energy efficiency

• Energy-efficient datacentres: Yes
• Description of energy efficient datacentres: Group Involvement - We have established an approval board containing; representatives from all disciplines across the business. ; ; Consider the environmental impact of installed devices - We carry out audits of existing equipment to maximise any unused existing capability by ensuring that all areas of optimisation, consolidation and aggregation are identified prior to new material investment.; ; Environmental Management - We have introduced a plan for Environmental Management based on the policies outlined in ISO 14001. ; ; Energy Management - We have introduced a set of guidelines and processes for managing energy in the data centre based on ISO 50001.; ; Asset Management - We have adopted many of guidelines in ISO 55000. We have full knowledge of the numbers, types and purposes of the assets deployed in our data centre and how they impact energy management.; ; Sustainable energy - We record and reporting on the proportion; of sustainable / renewable energy used against the overall energy consumption. The metric we use in the "Renewable Energy Factor”; (in kWh) compared to overall consumption (in kWh).; ; Monitor and manage air quality - We ensure air quality is monitored and managed. We base filter choices on the guidance set out in ISO 16890-1.

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Covid-19 recovery

  Fighting climate change

  Improve workplace conditions that support remote working, and sustainable travel solutions

  Covid-19 recovery

  Improve workplace conditions that support remote working, and sustainable travel solutions

Pricing

• Price: £0.07 a gigabyte a month
• Discount for educational organisations: Yes
• Free trial available: Yes
• Description of free trial: A 30 day, free trial for Veeam with 200GB available storage on request.

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@wanstor.com. Tell them what format you need. It will help if you say what assistive technology you use.