Installation Technology Limited

NAAS - Fixed and Wireless Networks - Service Definition

Design, delivery and ongoing management of Fixed and Wireless Networks as a Service providing an essential part of a Cloud or Hybrid Cloud Solution.

Features

• Highly secure
• High available
• Low latency
• Gigabit Passive Optical Network (GPON)
• Ubiquitous Coverage
• All major manufacturers supported
• Highly scalable
• Quality of Service (QoS)
• High Bandwidth

Benefits

• Cost Effective
• Peace of mind reliability
• Good value for money
• Installed with the minimum of disruption to your business
• Enhanced productivity
• Better collaboration
• Competitive advantage
• Increased Efficiency

£425 to £995 an instance a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.barney@installationtechnology.com. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

227524028553610

Contact

Stephen Barney
+44 (0) 118 969 9777
stephen.barney@installationtechnology.com

Service scope

• Service constraints: Coverage can affected by the fabric of the building.; Cat 6a runs can be no longer than 100 metres,
• System requirements:
  • Sufficient power is available where needed
  • Sufficient space is available

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: Within 2 hours
• User can manage status and priority of support tickets: No
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Onsite support
• Support levels: Priority Levels Target Resolution Time ; ; Priority 1 Within 4 hours of Incident Start Time ; ; Priority 2 Within 8 hours of Incident Start Time ; ; Priority 3 Within 48 hours of Incident Start Time ; ; Priority 4 Within 168 hours of Incident Start Time; ; Standard service levels including access to a Service Manager for escalations 24x7x365. ; ; No other support levels available.
• Support available to third parties: Yes

Onboarding and offboarding

• Getting started: Onsite training is provided as part of the onboarding service as standard.
• Service documentation: Yes
• Documentation formats: PDF
• End-of-contract data extraction: Typically via Excel. Note all customer data is deleted once off-boarded inline with GDPR legislation.
• End-of-contract process: We will create a off-boarding plan 1 month before the end of the contract outlining all of the information a customer needs to offboard successfully. They will also have regular contact with their service manager, there is no additional charge for this service.

Using the service

• Web browser interface: No
• API: No
• Command line interface: No

Scaling

• Scaling available: No
• Independence of resources: By reviewing performance data during regular service reviews.
• Usage notifications: No

Analytics

• Infrastructure or application metrics: Yes
• Metrics types:
  • HTTP request and response status
  • Network
• Reporting types: Regular reports

Resellers

• Supplier type: Not a reseller

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: Yes
• Datacentre security standards: Supplier-defined controls
• Penetration testing frequency: At least once a year
• Penetration testing approach: Another external penetration testing organisation
• Protecting data at rest: Physical access control, complying with CSA CCM v3.0
• Data sanitisation process: No
• Equipment disposal approach: Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001

Backup and recovery

• Backup and recovery: Yes
• What’s backed up:
  • System Configurations
  • Usernames and Passwords
• Backup controls: We work with our customers to agree back-up schedules at point of implementation.
• Datacentre setup: Multiple datacentres with disaster recovery
• Scheduling backups: Supplier controls the whole backup schedule
• Backup recovery: Users contact the support team

Data-in-transit protection

• Data protection between buyer and supplier networks: Private network or public sector network
• Data protection within supplier network: IPsec or TLS VPN gateway

Availability and resilience

• Guaranteed availability: Key Performance Indicators Service Credit; KPI 1 Service availability 99.9% 10% of the Monthly Service Fee; KPI 2 Engineer on site within 4 hours 10% of the Monthly Service Fee
• Approach to resilience: Our service data centres run active / active, if one is unavailable users are dynamically routed to the other.
• Outage reporting: E-mail alerts

Identity and authentication

• User authentication:
  • 2-factor authentication
  • Username or password
• Access restrictions in management interfaces and support channels: We use least privilege principles with regular reviews and audits of access permissions to ensure only authorized personnel have access, while logging and monitoring track usage for security and compliance.
• Access restriction testing frequency: At least once a year
• Management access authentication: Username or password
• Devices users manage the service through: Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

• Access to user activity audit information: Users contact the support team to get audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users contact the support team to get audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: BSI Assurance UK Ltd
• ISO/IEC 27001 accreditation date: 25/10/2023
• What the ISO/IEC 27001 doesn’t cover: Nothing is specifically excluded.
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: No
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow ISO 27001 and provide regular training throughout the organisation along with regular audits to ensure compliance.; Reporting structure; Service Manager; Chief Information Officer

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Configuration Baselines: We define and maintain standardised configurations for cloud resources to ensure consistency across environments.; Inventory and Tracking: We regularly monitor and maintain an up-to-date inventory of cloud resources and their configurations, including virtual machines, databases, and network components.; Change Management:; Change Request and Approval: We operate a formal change request and approval process, where all changes to cloud infrastructure and services must be proposed, reviewed, and approved before implementation.; Testing and Rollback: we implement changes in a controlled manner, with thorough testing in a staging environment and a clear rollback plan in case issues arise during deployment.
• Vulnerability management type: Supplier-defined controls
• Vulnerability management approach: We regularly scan infrastructure and applications for vulnerabilities using automated tools. Identified vulnerabilities are prioritised based on risk and potential impact. Remediation plans are developed and executed promptly, timeframes vary depending on various factors and range from within an hour to several days. Regular patch management, continuous monitoring, and threat intelligence integration ensure timely updates and protection. Patching deployment times vary based on risk and threat and vary from within an hour to several days. Threat data comes from Threat Intelligence Feeds and security vendors.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We continuously observe our cloud infrastructure and services for suspicious activity. This includes tracking user access, API calls, and resource usage. Anomaly detection and behavioral analytics help identify potential threats. Alerts and notifications are triggered for any unusual patterns, enabling prompt investigation and response. When a potential compromise is detected in a cloud environment, we immediately isolate the affected resources to contain the threat and prevent further spread. Investigate the incident to determine the scope and impact, then proceed with remediation and recovery efforts while notifying relevant stakeholders. Response times vary from within an hour to several days.
• Incident management type: Supplier-defined controls
• Incident management approach: Yes we have pre-defined processes for common events. We respond rapidly to contain threats and minimise impact, investigating root causes, resolving incidents efficiently, and documenting outcomes. ; Users report incidents via email or calling the helpdesk, with monthly summaries of incident reports sent to customer stakeholders via email.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Separation between users

• Virtualisation technology used to keep applications and users sharing the same infrastructure apart: No

Energy efficiency

• Energy-efficient datacentres: No

Social Value

• Social Value:

  Social Value

  • Fighting climate change
  • Equal opportunity

  Fighting climate change

  We have a published carbon reduction plan that is available on our website. We have ambitious plans to be carbon neutral by 2035, 15 years ahead of the government's target.

  Equal opportunity

  We have a published Equality and Inclusion policy that is available on our website. Installation Technology partners with The Diversity Trust on a range of projects and are committed to providing a working environment that upholds dignity, equality, and respect for all employees, providing equal opportunities to all of our people.

Pricing

• Price: £425 to £995 an instance a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at stephen.barney@installationtechnology.com. Tell them what format you need. It will help if you say what assistive technology you use.